Windows Analysis Report
Setup (1).exe

Overview

General Information

Sample name: Setup (1).exe
Analysis ID: 1386890
MD5: ec427b1bf867dc6fdfdfc2b5219f44de
SHA1: d23dfcbd02089bc6f13db8dd4cf1f9c5a085d275
SHA256: 9b1d8b1bafd4f496de3e996dc6778ff0c75f37f2e5eaa5a60049d7c8338e7ef5
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 17
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Contains functionality to check if the process is started with administrator privileges
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Found stalling execution ending in API Sleep call
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Very long command line found
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Setup (1).exe (PID: 2072 cmdline: C:\Users\user\Desktop\Setup (1).exe MD5: EC427B1BF867DC6FDFDFC2B5219F44DE)
    • chrome.exe (PID: 504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2088,i,7827127790469141543,7721217592349292096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • SetupEngine.exe (PID: 7948 cmdline: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" MD5: 6ADC1C797360ABEE521CAC2019130184)
      • cmd.exe (PID: 8028 cmdline: cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • diskspd.exe (PID: 8080 cmdline: C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp MD5: FC41CABDD3C18079985AC5F648F58A90)
      • SetupResources.exe (PID: 7556 cmdline: C:\Users\user\AppData\Local\Temp\SetupResources.exe MD5: 884E1463B4CB20B28C3A80960E02AC2D)
      • chrome.exe (PID: 7636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 7884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,5467394529927478495,12224471983908460789,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • fast!.exe (PID: 8116 cmdline: C:\Program Files (x86)\Fast!\Fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
  • svchost.exe (PID: 608 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • FastSRV.exe (PID: 7716 cmdline: C:\Program Files (x86)\Fast!\FastSRV.exe MD5: B8AF4E4DFAB89560361DDB94353E7E06)
    • fast!.exe (PID: 7788 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
      • nw.exe (PID: 8152 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\. MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 6652 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c MD5: 4D9F9AE313447C1A616574E185697E3C)
          • nw.exe (PID: 2564 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 8076 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105DEE737FAB8EA109B16EF340D3C98 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6
,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105DEE737FAB8EA109B16EF340D3C98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 7628 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=FD389EC5CD9C89122ED5B3B0DEEB4EE8 --mojo-platform-channel-handle=2920 /prefetch:2 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 7124 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=AA0F20FA834DC6E5A78D4F769174833B --mojo-platform-channel-handle=3244 /prefetch:8 MD5: 4D9F9AE313447C1A616574E185697E3C)
        • nw.exe (PID: 3988 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=13E732A3972A8DB0A295812B28F54687 --mojo-platform-channel-handle=3060 /prefetch:8 MD5: 4D9F9AE313447C1A616574E185697E3C)
    • fast!.exe (PID: 8100 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\SetupEngine.exe, ParentCommandLine: C:\Users\user\Desktop\Setup (1).exe, ParentImage: C:\Users\user\Desktop\Setup (1).exe, ParentProcessId: 2072, ParentProcessName: Setup (1).exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" , ProcessId: 7948, ProcessName: SetupEngine.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 608, ProcessName: svchost.exe
No Snort rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\SetupEngine[1].exeReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeReversingLabs: Detection: 37%
Source: C:\Users\user\Desktop\Setup (1).exeEXE: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exeJump to behavior
Source: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67HTTP Parser: No favicon
Source: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=HTTP Parser: No favicon

Compliance

Source: C:\Users\user\Desktop\Setup (1).exeEXE: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exeJump to behavior
Source: Setup (1).exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0
Source: Setup (1).exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 89.187.173.22:443 -> 192.168.2.8:49728 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.67.65.20:443 -> 192.168.2.8:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49748 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49758 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49761 version: TLS 1.2
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000016.00000002.2748877399.00000000010F6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000B.00000000.1719006175.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp, FastSRV.exe, 00000010.00000000.1999646117.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000011.00000000.2003989054.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000002.2008083677.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000000.2006991802.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000002.2011583332.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000000.2009601912.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000B.00000000.1719006175.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdbs source: fast!.exe, 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000011.00000000.2003989054.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000002.2008083677.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000000.2006991802.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000002.2011583332.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000000.2009601912.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: z:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: x:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: v:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: t:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: r:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: p:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: n:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: l:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: j:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: h:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: f:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: b:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: y:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: w:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: u:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: s:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: q:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: o:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: m:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: k:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: i:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: g:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: e:
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile opened: c:
Source: C:\Program Files (x86)\Fast!\fast!.exeFile opened: a:
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054C6
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405C49
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00406873 FindFirstFileW,FindClose,8_2_00406873
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040290B FindFirstFileW,8_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_00402654 FindFirstFileA,14_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,14_2_004054C6
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_00405E9C FindFirstFileA,FindClose,14_2_00405E9C
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C6CAD FindFirstFileExW,16_2_000C6CAD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D9E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,17_2_00D9E91D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00D9E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,20_2_00D9E91D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_00E07210 FindFirstFileExW,FindNextFileW,FindClose,GetFileAttributesW,PathMatchSpecW,22_2_00E07210
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 37.19.206.5 37.19.206.5
Source: Joe Sandbox ViewIP Address: 89.187.173.22 89.187.173.22
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49745 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknownTCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknownTCP traffic detected without corresponding DNS query: 192.124.249.22
Source: unknownTCP traffic detected without corresponding DNS query: 192.124.249.23
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&evt_src=installer&evt_action=mini_start&version=&defaultbrowser=default HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: veryfast.ioConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /src/main_code.js?t=20171020 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1Host: veryfast.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1707144980615896
Source: global traffic
HTTP traffic detected: GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1707144980624&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.0.0%20Safari/537.36 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /assets/plugins/jquery-3.5.1.min.js HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /images/fast.png HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /download.php?engine=1&guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /pcapp/images/fast.png HTTP/1.1
Host: repository.pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic
HTTP traffic detected: GET /download/2.305/SetupEngine.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Connection: Keep-Alive
Cache-Control: no-cache
Host: repcdn.veryfast.io

Source: global traffic
HTTP traffic detected: GET /favicon.ico HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /pcapp/images/fast.png HTTP/1.1
Host: repository.pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic
HTTP traffic detected: GET /favicon.ico HTTP/1.1
Host: veryfast.io
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /download/SetupResources.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d1uyoz7mfvzv4e.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S7WXRsuOLGYF5hF&MD=NEsUzxVg HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com

Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=start&channelId= HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=installing HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid= HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=done HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /src/initiate.js HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /src/main.js?t=20171020 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896

Source: global traffic
HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic
HTTP traffic detected: GET /cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache

Source: global traffic
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S7WXRsuOLGYF5hF&MD=NEsUzxVg HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com

Source: global traffic
HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000061FF3C0F15 HTTP/1.1
Host: clients1.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br

Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp
String found in binary or memory: "url": "https://www.facebook.com/chat/video/videocalldownload.php", equals www.facebook.com (Facebook)

Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp
String found in binary or memory: var url = 'http://www.youtube.com/embed/' + equals www.youtube.com (Youtube)

Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)

Source: unknown
DNS traffic detected: queries for: veryfast.io

Source: unknown
HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetUserInfo
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/IssueAuthToken
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
Source: nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthGetAccessToken
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthWrapBridge
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLoginAuth
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/TokenAuth
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chromeos
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chromeosL
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/nsition
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/nsitionR
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth/GetOAuthToken/
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth/GetOAuthToken/r
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/authE
Source: nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/iframerpc
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/programmatic_auth
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.chromium.org/p/monorail/issues/detail?id=1488
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=12519.
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=28885
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=63367
Source: Setup (1).exe, 00000000.00000003.1641528607.00000000030AD000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1637973185.00000000030A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://certs.godaddy.com/repository/0
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_file/
Source: nw.exe, 00000016.00000003.2032050839.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome-sync.sandbox.google.com/chrome-sync/alpha
Source: nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome-sync.sandbox.google.com/chrome-sync/alphas
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chrome.google.com/
Source: nw.exe, 00000016.00000003.2031597904.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2032050839.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2044394851.000000000BA4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB&
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBChrome
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GBF
Source: nw.exe, 00000016.00000003.2031597904.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2032050839.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreW
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev/event
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev/event_mapping
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/dev/experimentstatus
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/devD.time
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=162042
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=162044
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/entry
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://codereview.chromium.org/25305002).
Source: nw.exe, nw.exe, 00000016.00000000.2020532702.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000016.00000002.2748877399.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000018.00000000.2029486793.00000000010A3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: nw.exe, nw.exe, 00000016.00000000.2020532702.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000016.00000002.2748877399.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000018.00000000.2029486793.00000000010A3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000016.00000000.2020532702.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000016.00000002.2748877399.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000018.00000000.2029486793.00000000010A3000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/444752.
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/5448190).
Source: nw.exe, 00000016.00000002.2761947628.0000000008610000.00000002.00000001.00040000.00000028.sdmpString found in binary or memory: https://crbug.com/593166
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/701034
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://crbug.com/740629)
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/aviator/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/icarus/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/pilot/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/pilot/T
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/rocketeer/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/rocketeer/:
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.googleapis.com/skydiver/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.izenpe.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.izenpe.com/a
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.startssl.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct.ws.symantec.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct1.digicert-ct.com/log/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ct2.digicert-ct.com/log/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog-gen2.api.venafi.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog.api.venafi.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctlog.wosign.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctserver.cnnic.cn/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ctserver.cnnic.cn/S
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exe
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exeI
Source: Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/download/SetupResources.exeSStore
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1uyoz7mfvzv4e.cloudfront.net/h
Source: nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datasaver.googleapis.com/v1/clientConfigs?alt=proto
Source: nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datasaver.googleapis.com/v1/clientConfigs?alt=protohash))
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.keyCode#Value_of_keyCode
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes)
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en/DOM/document.
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://developer.mozilla.org/en/DOM/element.addEventListener
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://elements.polymer-project.org/guides/flex-layout)
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: svchost.exe, 00000004.00000003.1558704906.000002E340991000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000004.00000003.1558704906.000002E340920000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-a11y-keys-behavior/blob/master/demo/x-key-aware.html)
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/blob/master/iron-flex-layout.html).
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/tree/master/classes)
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/PolymerElements/iron-flex-layout/tree/master/iron-flex-layout-classes.html).
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/104.
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/544
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://github.com/v8/v8/wiki/Stack%20Trace%20API.
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://history.google.com/history/audio
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://log.certly.io/
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api??
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mammoth.ct.comodo.com/
Source: nw.exe, 00000016.00000003.2032050839.0000000006D8D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://performance-insights.appspot.com/upload?tags=flags
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://poly-icon.appspot.com/)
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.305/SetupEngine.exe
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sabre.ct.comodo.com/
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sirius.ws.symantec.com/
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divxtime
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2767700515.000000000BBC4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java/
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_realg
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave1
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://support.google.com/chrome/?p=sync_history&hl=en-GB
Source: nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://support.google.com/chrome/?p=ui_supervised_users&hl=en-GB
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://support.google.com/chrome/answer/185277
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2767700515.000000000BBC4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784C
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://support.google.com/websearch?p=chromebook_audiohistory
Source: nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://vega.ws.symantec.com/
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2009787407.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1711036742.00000000004F7000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.00000000004F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/%
Source: Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000072F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67I
Source: Setup (1).exe, 00000000.00000003.2020337801.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67Nh
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67SetupEngine.exe
Source: Setup (1).exe, 00000000.00000003.2020337801.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67th
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67ubert
Source: Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/download.php?engine=1&guid=
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/download.php?engine=1&guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/download.php?engine=1&guid=9AC52742-8547-84D6-5349-ECEC87A66D67L
Source: Setup (1).exe, 00000000.00000003.2020337801.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/gk
Source: SetupEngine.exe, 00000008.00000003.2010012892.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php
Source: SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Source: SetupEngine.exe, 00000008.00000003.2010012892.0000000004701000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=%
Source: SetupEngine.exe, 00000008.00000003.2009787407.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.00000000004F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=4
Source: SetupEngine.exe, 00000008.00000003.2010012892.0000000004701000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=C
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=CB
Source: SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=K
Source: SetupEngine.exe, 00000008.00000003.2010341949.0000000000555000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.0000000000555000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2009787407.0000000000555000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=lit3
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=ll
Source: SetupEngine.exe, 00000008.00000003.2009787407.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.00000000004F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=p
Source: Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=
Source: Setup (1).exe, 00000000.00000002.2025253187.000000000078F000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.000000000078F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: Setup (1).exe, 00000000.00000002.2027780400.0000000003070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67FB
Source: Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67XB
Source: SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src
Source: Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&evt_src=installer&evt_action
Source: SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/register.php?guid=
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://www.google-analytics.com/collect
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.icos
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://www.google.com/intl/en-GB/chrome/browser/welcome.html52https://chrome.google.com/webstore?hl
Source: nw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpString found in binary or memory: https://www.google.com/settings/accounthistory
Source: nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://www.google.com/speech-api/v2/synthesize?
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit3
Source: nw.exe, 00000016.00000002.2767700515.000000000BA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/IssueToken
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: nw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: nw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/u
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/config/plugins_2/plugins_win.json
Source: nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/config/plugins_2/plugins_win.jsonla
Source: nw.exe, 00000016.00000002.2757029350.0000000006D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpString found in binary or memory: https://www.polymer-project.org/1.0/docs/devguide/events.html#annotated-listeners).
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 89.187.173.22:443 -> 192.168.2.8:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.67.65.20:443 -> 192.168.2.8:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.8:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.127.181:443 -> 192.168.2.8:49761 version: TLS 1.2
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00404FCB GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FCB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,17_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00DBA85F MessageBeep,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,GetKeyState,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,MessageBeep,17_2_00DBA85F
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00DBA85F MessageBeep,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,GetKeyState,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,MessageBeep,20_2_00DBA85F

System Summary

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: Commandline size = 2224
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_00BE1446 NtQuerySystemInformation,NtQuerySystemInformation,11_2_00BE1446
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,17_2_00D92BB0
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_00BE1085: CreateEventA,GetLastError,DeviceIoControl,GetLastError,WaitForSingleObject,GetLastError,CloseHandle,11_2_00BE1085
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1260 WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,GetLastError,GetLastError,wsprintfW,wsprintfW,DuplicateTokenEx,wsprintfW,wsprintfW,ConvertStringSidToSidW,wsprintfW,GetLengthSid,SetTokenInformation,wsprintfW,CloseHandle,wsprintfW,CreateProcessAsUserW,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,CloseHandle,CloseHandle,GetLastError,wsprintfW,16_2_000C1260
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040310D
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,14_2_0040310D
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: String function: 00ECC46F appears 63 times
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: String function: 00ECC43C appears 189 times
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: String function: 00ECC630 appears 71 times
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: String function: 000C2070 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: String function: 00BD9AB6 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: String function: 00BDC52F appears 37 times
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: String function: 00BE834C appears 49 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: String function: 0101F820 appears 33 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: String function: 0101FEA7 appears 76 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: String function: 00DC2610 appears 50 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: String function: 6681C311 appears 56 times
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: version.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: ieframe.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Setup (1).exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: sppc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: msimg32.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: audioses.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wlanapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: explorerframe.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: firewallapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: xinput1_4.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wscapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samlib.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptnet.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: napinsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wshbth.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winrnr.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d9.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxva2.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: esent.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msmpeg2vdec.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvproc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3dcompiler_47.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ddraw.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dciman32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: comppkgsup.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.media.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfh264enc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: libgles_cm_translator.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usp10.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: hid.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: credui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: Setup (1).exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal60.spyw.evad.winEXE@53/204@23/14
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_00DD1790 FormatMessageA,GetLastError,22_2_00DD1790
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_0040352D
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_00BE1175 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,FindCloseChangeNotification,11_2_00BE1175
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D92AF0 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,GetLastError,17_2_00D92AF0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00D92AF0 LookupPrivilegeValueW,GetCurrentProcess,OpenProcessToken,AdjustTokenPrivileges,GetLastError,CloseHandle,GetLastError,20_2_00D92AF0
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_0040429B GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040429B
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D97320 FindResourceW,LoadResource,LockResource,SizeofResource,17_2_00D97320
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1050 StartServiceCtrlDispatcherW,GetLastError,16_2_000C1050
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Program Files (x86)\Fast!
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\SetupEngine[1].exe
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeMutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\Setup (1).exeFile created: C:\Users\user\AppData\Local\Temp\nso4714.tmp
Source: Setup (1).exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\Desktop\Setup (1).exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Setup (1).exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: diskspd.exeString found in binary or memory: <LoadImage>%I64u</LoadImage>
Source: diskspd.exeString found in binary or memory: Error creating/opening wait-for-start event: '%s'
Source: diskspd.exeString found in binary or memory: Error creating/opening force-stop event: '%s'
Source: nw.exeString found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\Setup (1).exeFile read: C:\Users\user\Desktop\Setup (1).exe
Source: unknownProcess created: C:\Users\user\Desktop\Setup (1).exe C:\Users\user\Desktop\Setup (1).exe
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2088,i,7827127790469141543,7721217592349292096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Users\user\AppData\Local\Temp\SetupResources.exe C:\Users\user\AppData\Local\Temp\SetupResources.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Source: unknownProcess created: C:\Program Files (x86)\Fast!\FastSRV.exe C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,5467394529927478495,12224471983908460789,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105DEE737FAB8EA109B16EF340D3C98 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;
6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105DEE737FAB8EA109B16EF340D3C98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=FD389EC5CD9C89122ED5B3B0DEEB4EE8 --mojo-platform-channel-handle=2920 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=AA0F20FA834DC6E5A78D4F769174833B --mojo-platform-channel-handle=3244 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=13E732A3972A8DB0A295812B28F54687 --mojo-platform-channel-handle=3060 /prefetch:8
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: C:\Users\user\Desktop\Setup (1).exeProcess created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2088,i,7827127790469141543,7721217592349292096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Users\user\AppData\Local\Temp\SetupResources.exe C:\Users\user\AppData\Local\Temp\SetupResources.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,5467394529927478495,12224471983908460789,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Fast!\FastSRV.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105DEE737FAB8EA109B16EF340D3C98 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;
6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105DEE737FAB8EA109B16EF340D3C98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=FD389EC5CD9C89122ED5B3B0DEEB4EE8 --mojo-platform-channel-handle=2920 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=AA0F20FA834DC6E5A78D4F769174833B --mojo-platform-channel-handle=3244 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=13E732A3972A8DB0A295812B28F54687 --mojo-platform-channel-handle=3060 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c
Source: C:\Users\user\Desktop\Setup (1).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: Google Drive.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.3.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Fast!.lnk.8.dr LNK file: ..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Uninstall.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\uninstaller.exe
Source: Fast!.lnk0.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Setup (1).exe Static PE information: certificate valid
Source: Binary string: E:\build\nw26_win32\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000016.00000002.2748877399.00000000010F6000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000B.00000000.1719006175.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp, FastSRV.exe, 00000010.00000000.1999646117.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000011.00000000.2003989054.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000002.2008083677.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000000.2006991802.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000002.2011583332.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000000.2009601912.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000B.00000000.1719006175.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Build\Build_vfs_2.305_D20231117T113317\veryfast.io\proc_booster\Release-Booster\proc_booster.pdbs source: fast!.exe, 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000011.00000000.2003989054.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000002.2008083677.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000014.00000000.2006991802.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000002.2011583332.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp, fast!.exe, 00000015.00000000.2009601912.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
Source: d3dcompiler_47.dll.14.dr Static PE information: 0x9255B290 [Sat Oct 19 09:23:28 2047 UTC]
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep, 17_2_00D92BB0
Source: libEGL.dll.14.dr Static PE information: real checksum: 0x0 should be: 0x25219
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xdc5a
Source: node.dll.14.dr Static PE information: real checksum: 0x0 should be: 0x5895e2
Source: libEGL.dll0.14.dr Static PE information: real checksum: 0x0 should be: 0x186cd
Source: INetC.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xa6c6
Source: libGLESv2.dll0.14.dr Static PE information: real checksum: 0x0 should be: 0x30ef09
Source: libGLESv2.dll.14.dr Static PE information: real checksum: 0x0 should be: 0x1f9bbb
Source: System.dll.8.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: uninstaller.exe.8.dr Static PE information: real checksum: 0x31dffb should be: 0x7f61c
Source: WmiInspector.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x21d6b
Source: nsExec.dll.8.dr Static PE information: real checksum: 0x0 should be: 0xde0c
Source: nw_elf.dll.14.dr Static PE information: real checksum: 0x0 should be: 0x71657
Source: ffmpeg.dll.14.dr Static PE information: real checksum: 0x0 should be: 0x11e112
Source: SimpleSC.dll.8.dr Static PE information: real checksum: 0x0 should be: 0x1119d4
Source: nsDialogs.dll.0.dr Static PE information: real checksum: 0x0 should be: 0xa70c
Source: inetc.dll.8.dr Static PE information: real checksum: 0x0 should be: 0x13c41
Source: SimpleSC.dll.8.dr Static PE information: section name: .didata
Source: nw.dll.14.dr Static PE information: section name: _text32
Source: nw.dll.14.dr Static PE information: section name: .rodata
Source: nw.dll.14.dr Static PE information: section name: CPADinfo
Source: nw.exe.14.dr Static PE information: section name: _text32
Source: nw.exe.14.dr Static PE information: section name: .didat
Source: nw.exe.14.dr Static PE information: section name: CPADinfo
Source: nw_elf.dll.14.dr Static PE information: section name: .crthunk
Source: nw_elf.dll.14.dr Static PE information: section name: CPADinfo
Source: ffmpeg.dll.14.dr Static PE information: section name: .rodata
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Code function: 8_3_02F51BD0 push eax; iretd 8_3_02F51BE1
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Code function: 8_3_02F595C0 push ds; retf 8_3_02F596F1
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_00BED0E7 push ecx; ret 11_2_00BED0FA
Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: 11_2_00BED7A9 push ecx; ret 11_2_00BED7BC
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 16_2_000CDB61 push ecx; ret 16_2_000CDB74
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00ECC40A push ecx; ret 17_2_00ECC41D
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00ECC95F push ecx; ret 17_2_00ECC980
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 20_2_00ECC40A push ecx; ret 20_2_00ECC41D
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 20_2_00ECC95F push ecx; ret 20_2_00ECC980
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_00DC61C4 push esi; ret 22_2_00DC61C6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_00DC61B0 push esi; ret 22_2_00DC61B2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_0108D0DF push ecx; ret 22_2_0108D0F2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_0101F866 push ecx; ret 22_2_0101F879
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_00DC0C85 push ss; ret 22_2_00DC0C86
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_6685A786 push ecx; ret 22_2_6685A799
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C5423 push ebx; ret 22_2_667C5425
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C34B4 push ss; retf 22_2_667C34B5
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C5542 push ebx; ret 22_2_667C5544
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C104F push cs; ret 22_2_667C1054
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C4E9A push ebx; ret 22_2_667C4E9C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C4F98 push ebx; ret 22_2_667C4F9A
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 22_2_667C4D3A push ebx; ret 22_2_667C4D3C
Source: ffmpeg.dll.14.dr Static PE information: section name: .text entropy: 6.847400991164348

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u 11_2_00BE1F60
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\SetupEngine[1].exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\System.dll
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\SetupResources.exe
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\node.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Local\Temp\diskspd.exe
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\SetupResources[1].exe
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Program Files (x86)\Fast!\fast!.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\WmiInspector.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\nw.exe
Source: C:\Users\user\Desktop\Setup (1).exe File created: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe File created: C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\diskspd.exe Code function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u 11_2_00BE1F60
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Uninstall.lnk
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Fast!.lnk
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 16_2_000C1050 StartServiceCtrlDispatcherW,GetLastError, 16_2_000C1050
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 20_2_00DE3213 __EH_prolog3_GS,GetParent,GetParent,UpdateWindow,SetCursor,GetAsyncKeyState,InvalidateRect,InflateRect,RedrawWindow,InvalidateRect,InflateRect,UpdateWindow,InflateRect,SetCapture,SetCursor,IsWindow,GetCursorPos,ScreenToClient,PtInRect,RedrawWindow,GetParent,GetParent,RedrawWindow,RedrawWindow,GetParent,GetParent,GetParent,InvalidateRect,UpdateWindow,UpdateWindow,NotifyWinEvent,NotifyWinEvent,SetCapture,RedrawWindow,SetRectEmpty,RedrawWindow,ReleaseCapture,SetCapture,ReleaseCapture,SetCapture,SendMessageW,UpdateWindow,SendMessageW,IsWindow,IsIconic,IsZoomed,IsWindow,UpdateWindow, 20_2_00DE3213
Source: C:\Users\user\Desktop\Setup (1).exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\Setup (1).exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\Setup (1).exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\fast!.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,17_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep,20_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeSandbox detection routine: GetCursorPos, DecisionNode, Sleep
Source: C:\Program Files (x86)\Fast!\fast!.exeStalling execution: Execution stalls by calling Sleep
Source: C:\Program Files (x86)\Fast!\FastSRV.exeStalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_00DD2D10 rdtsc 22_2_00DD2D10
Source: C:\Program Files (x86)\Fast!\FastSRV.exeWindow / User API: threadDelayed 4054Jump to behavior
Source: C:\Program Files (x86)\Fast!\FastSRV.exeWindow / User API: threadDelayed 5943Jump to behavior
Source: C:\Program Files (x86)\Fast!\fast!.exeWindow / User API: threadDelayed 3669
Source: C:\Program Files (x86)\Fast!\fast!.exeWindow / User API: foregroundWindowGot 1635
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\WmiInspector.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\System.dll
Source: C:\Users\user\Desktop\Setup (1).exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\Fast!\fast!.exeEvasive API call chain: RegQueryValue,DecisionNodes,Sleep
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeAPI coverage: 8.9 %
Source: C:\Program Files (x86)\Fast!\fast!.exeAPI coverage: 8.1 %
Source: C:\Program Files (x86)\Fast!\fast!.exeAPI coverage: 3.6 %
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeAPI coverage: 7.1 %
Source: C:\Windows\System32\svchost.exe TID: 7204Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 7836Thread sleep count: 4054 > 30
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 7836Thread sleep time: -8108000s >= -30000s
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 7836Thread sleep count: 5943 > 30
Source: C:\Program Files (x86)\Fast!\FastSRV.exe TID: 7836Thread sleep time: -11886000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 7816Thread sleep count: 3669 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 7816Thread sleep time: -36690s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\Desktop\Setup (1).exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\fast!.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Fast!\FastSRV.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Fast!\fast!.exeLast function: Thread delayed
Source: C:\Program Files (x86)\Fast!\fast!.exeThread sleep count: Count: 3669 delay: -10
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054C6
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00405E9C FindFirstFileA,FindClose,0_2_00405E9C
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405C49
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_00406873 FindFirstFileW,FindClose,8_2_00406873
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeCode function: 8_2_0040290B FindFirstFileW,8_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_00402654 FindFirstFileA,14_2_00402654
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_004054C6 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,14_2_004054C6
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeCode function: 14_2_00405E9C FindFirstFileA,FindClose,14_2_00405E9C
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C6CAD FindFirstFileExW,16_2_000C6CAD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D9E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,17_2_00D9E91D
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00D9E91D __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,20_2_00D9E91D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_00E07210 FindFirstFileExW,FindNextFileW,FindClose,GetFileAttributesW,PathMatchSpecW,22_2_00E07210
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909199557.0000000000567000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: fast!.exe, 00000011.00000003.2006306199.0000000000B21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: nw.exe, 00000016.00000002.2744752107.0000000000B2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;5p
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GET /register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1)3m
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: fast!.exe, 00000011.00000003.2006306199.0000000000B21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System Product1AP1OD9AC52742-8547-84D6-5349-ECEC87A66D67VMware, Inc.Noney*
Source: Setup (1).exe, 00000000.00000003.2020337801.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.2020337801.0000000000739000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000739000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2747335770.000002E33B42B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2758189375.000002E340A59000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.000000000053F000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1711036742.000000000053F000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.000000000053F000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2009787407.000000000053F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: fast!.exe, 00000011.00000003.2006306199.0000000000B21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System Product1AP1OD9AC52742-8547-84D6-5349-ECEC87A66D67VMware, Inc.None3
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000R)%2--
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PdO&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000~
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000v
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000w
Source: SetupEngine.exe, 00000008.00000003.1909199557.0000000000567000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s://veryfast.io/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.2011380335.0000000000436000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: &dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exeBinary or memory string: ogicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&d
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Cache-Controlno-cache/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000002.2011940187.00000000004E2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004E2000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2009787407.00000000004E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@hT%SystemRoot%\system32\mswsock.dllM
Source: SetupEngine.exe, 00000008.00000002.2013204330.00000000046B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000c
Source: SetupEngine.exe, 00000008.00000002.2011380335.000000000040A000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: "C:\Program Files (x86)\Fast!\Fast!.exe"8.tmp\inetc.dllllion\chrome.exeeVDuLVpYRVRVVMJIKGTyCIFFHFf\xKcRcLQkmmjSKjKiw.exeechitecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dllllD6-5349-ECEC87A66D67&_fcid=kC:\Users\user\AppData\Local\Temp\nsf9748.tmp.exe" C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dllll49-ECEC87A66D67&_fcid=Setup was completed successfully.nstalled.
Source: SetupEngine.exe, 00000008.00000002.2011380335.0000000000431000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: Remove folder: ted successfully.!.exe"8.tmp\inetc.dll9-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=donechitecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000ze=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000sedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+0002
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hostveryfast.ioGET /register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1;6m
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: =Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
Source: SetupEngine.exe, 00000008.00000003.2009787407.0000000000555000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Cache-Controlno-cache/register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000K
Source: SetupEngine.exe, 00000008.00000003.1909253112.00000000046D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ister.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000100@@
Source: C:\Users\user\Desktop\Setup (1).exeAPI call chain: ExitProcess graph end nodegraph_0-3074
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeAPI call chain: ExitProcess graph end nodegraph_8-3487
Source: C:\Users\user\AppData\Local\Temp\SetupResources.exeAPI call chain: ExitProcess graph end nodegraph_14-3049
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\diskspd.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_11-5620
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_00DD2D10 rdtsc 22_2_00DD2D10
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C15FE IsDebuggerPresent,OutputDebugStringW,16_2_000C15FE
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D99539 OutputDebugStringA,GetLastError,17_2_00D99539
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D92BB0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep,17_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_0102F119 mov eax, dword ptr fs:[00000030h]22_2_0102F119
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_6686A98E mov eax, dword ptr fs:[00000030h]22_2_6686A98E
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C8275 GetProcessHeap,16_2_000C8275
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_00BED5FA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00BED5FA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1E96 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_000C1E96
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C4769 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_000C4769
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1B90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_000C1B90
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1FFB SetUnhandledExceptionFilter,16_2_000C1FFB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00ED28FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00ED28FB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00ECBF90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00ECBF90
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00ED28FB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_00ED28FB
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 20_2_00ECBF90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,20_2_00ECBF90
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_010711E5 SetUnhandledExceptionFilter,22_2_010711E5
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_01007387 SetUnhandledExceptionFilter,22_2_01007387
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_010072AC SetUnhandledExceptionFilter,SetConsoleCtrlHandler,new,__Init_thread_footer,22_2_010072AC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_010258DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_010258DC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_0101ED15 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_0101ED15
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_6686B7DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_6686B7DC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_6685A5C0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_6685A5C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 22_2_66859281 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_66859281
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep, svchost.exe17_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,K32EnumProcesses,OpenProcess,K32GetProcessImageFileNameW,FindCloseChangeNotification,GetModuleHandleW,GetProcAddress,OpenProcess,NtQueryInformationProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,NtSetInformationProcess,NtSetInformationProcess,CloseHandle,Sleep,Sleep, explorer.exe17_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep, svchost.exe20_2_00D92BB0
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcessId,Sleep,GetAsyncKeyState,Sleep,Sleep,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetCursorPos,EnumProcesses,OpenProcess,GetProcessImageFileNameW,CloseHandle,GetModuleHandleW,GetProcAddress,OpenProcess,CloseHandle,WindowFromPoint,GetWindowThreadProcessId,GetWindowThreadProcessId,GetForegroundWindow,GetWindowThreadProcessId,GetWindowTextW,PostMessageW,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WriteFile,GetActiveWindow,GetWindowThreadProcessId,GetWindowTextW,OpenProcess,SetPriorityClass,SetProcessPriorityBoost,CloseHandle,Sleep,Sleep, explorer.exe20_2_00D92BB0
Source: C:\Users\user\Desktop\Setup (1).exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Source: C:\Users\user\Desktop\Setup (1).exe Process created: C:\Users\user\AppData\Local\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\diskspd.exe C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105DEE737FAB8EA109B16EF340D3C98 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;
6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105DEE737FAB8EA109B16EF340D3C98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=FD389EC5CD9C89122ED5B3B0DEEB4EE8 --mojo-platform-channel-handle=2920 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=AA0F20FA834DC6E5A78D4F769174833B --mojo-platform-channel-handle=3244 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=13E732A3972A8DB0A295812B28F54687 --mojo-platform-channel-handle=3060 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\fast!\user data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\fast!\user data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\fast!\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\fast!\user data" --annotation=plat=win32 --annotation=prod=fast! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\fast!\user data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\fast!\user data\crashpad" --annotation=plat=win32 --annotation=prod=fast! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105dee737fab8ea109b16ef340d3c98 --lang=en-gb --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowfetchfordocwrittenscriptsinmainframe=false,disallowfetchfordocwrittenscriptsinmainframeonslowconnections=true,cssexternalscannernopreload=false,cssexternalscannerpreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;
6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105dee737fab8ea109b16ef340d3c98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="google inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=fd389ec5cd9c89122ed5b3b0deeb4ee8 --mojo-platform-channel-handle=2920 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-gb --no-sandbox --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=aa0f20fa834dc6e5a78d4f769174833b --mojo-platform-channel-handle=3244 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "c:\program files (x86)\fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-gb --no-sandbox --user-data-dir="c:\users\user\appdata\local\fast!\user data" --nwapp-path="ui\." --service-request-channel-token=13e732a3972a8db0a295812b28f54687 --mojo-platform-channel-handle=3060 /prefetch:8
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 16_2_000C1CB2 cpuid 16_2_000C1CB2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,22_2_0103F180
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,22_2_0103F079
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: EnumSystemLocalesW,22_2_0103A0ED
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,22_2_0103F24D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,22_2_0103A700
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,22_2_0103E902
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: EnumSystemLocalesW,22_2_0103EB89
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: EnumSystemLocalesW,22_2_0103EBD4
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,22_2_0103EAE0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,22_2_0103ED00
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: EnumSystemLocalesW,22_2_0103EC6F
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: GetLocaleInfoW,22_2_0103EF50
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb\MANIFEST-000001 VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Program Files (x86)\Fast!\ui\js\ui.bin VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeQueries volume information: C:\Program Files (x86)\Fast!\nwjs\nw.exe VolumeInformation
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00D94F80 OpenEventW,PulseEvent,CreateEventW,GetNativeSystemInfo,GetCurrentProcess,IsWow64Process,wsprintfW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,wsprintfW,wsprintfW,wsprintfW,RegCreateKeyW,RegQueryValueW,CloseHandle,CloseHandle,CloseHandle,CreateNamedPipeW,Sleep,Sleep,GetModuleFileNameW,ShellExecuteW,Sleep,17_2_00D94F80
Source: C:\Users\user\AppData\Local\Temp\diskspd.exeCode function: 11_2_00BED498 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,11_2_00BED498
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00EE324F GetTimeZoneInformation,17_2_00EE324F
Source: C:\Users\user\Desktop\Setup (1).exeCode function: 0_2_0040310D EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040310D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\SetupEngine.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeFile opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\History
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server
Initial Access: 1 Valid Accounts; 1 Replication Through Removable Media; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
Execution: 141 Windows Management Instrumentation; 3 Native API; 112 Command and Scripting Interpreter; 2 Service Execution; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
Persistence: 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 1 Valid Accounts; 3 Windows Service; 1 Registry Run Keys / Startup Folder; 1 Bootkit; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Privilege Escalation: 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 1 Valid Accounts; 11 Access Token Manipulation; 3 Windows Service; 22 Process Injection; 1 Registry Run Keys / Startup Folder; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Defense Evasion: 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 DLL Search Order Hijacking; 12 Masquerading; 1 Valid Accounts; 35 Virtualization/Sandbox Evasion; 11 Access Token Manipulation; 22 Process Injection; 1 Bootkit
Credential Access: 1 OS Credential Dumping; 21 Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging
Discovery: 2 System Time Discovery; 11 Peripheral Device Discovery; 2 File and Directory Discovery; 176 System Information Discovery; 1 Query Registry; 481 Security Software Discovery; 35 Virtualization/Sandbox Evasion; 1 Process Discovery; 11 Application Window Discovery; 1 Remote System Discovery; System Network Connections Discovery; Process Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content
Collection: 1 Archive Collected Data; 1 Data from Local System; 21 Input Capture; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture
Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium
Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking
Behavior Graph ID: 1386890, Sample: Setup (1).exe, Startdate: 05/02/2024, Architecture: WINDOWS, Score: 60

Source | Detection | Scanner | Label | Link
Setup (1).exe | 17% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Fast!\FastSRV.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\fast!.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | 3% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\node.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.dll | 3% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw.exe | 4% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\Fast!\uninstaller.exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\SetupEngine[1].exe | 38% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\SetupResources[1].exe | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\SetupEngine.exe | 38% | ReversingLabs | Win32.PUA.Generic |
C:\Users\user\AppData\Local\Temp\SetupResources.exe | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\diskspd.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsd4724.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsd4724.tmp\WmiInspector.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsd4724.tmp\nsDialogs.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsf9748.tmp\SimpleSC.dll | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsf9748.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsf9748.tmp\nsExec.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
                                                                                                                                      high
                                                                                                                                      https://accounts.google.com/nsitionRnw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://m.google.com/devicemanagement/data/apinw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://ct.izenpe.com/anw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://ctlog.wosign.com/nw.exe, 00000016.00000002.2757029350.0000000006DF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://veryfast.io/register.php?guid=SetupEngine.exe, 00000008.00000002.2011764031.0000000000478000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://crbug.com/5448190).nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://veryfast.io/%Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://veryfast.io/cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67NhSetup (1).exe, 00000000.00000003.2020337801.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000002.2025253187.0000000000765000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://crbug.com/415315.nw.exe, 00000016.00000002.2761947628.0000000008610000.00000002.00000001.00040000.00000028.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    http://schema.org/NewsArticlenw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://accounts.google.com/embedded/setup/chromeosnw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://support.google.com/chrome/?p=plugin_wmpnw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmp, nw.exe, 00000016.00000002.2757029350.0000000006E2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://crbug.com/235689.nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://veryfast.io/download.php?engine=1&guid=Setup (1).exe, 00000000.00000002.2025056053.00000000006DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://certificates.godaddy.com/repository/0Setup (1).exe, 00000000.00000003.1641528607.00000000030AD000.00000004.00000020.00020000.00000000.sdmp, Setup (1).exe, 00000000.00000003.1637973185.00000000030A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://schema.org/Corporationnw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://veryfast.io/Setup (1).exe, 00000000.00000002.2027780400.0000000003099000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2009787407.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.1711036742.00000000004F7000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2013204330.00000000046EF000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000003.2010341949.00000000004F3000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000008.00000002.2011940187.00000000004F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://accounts.google.com/nsitionnw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://crashpad.chromium.org/bug/newnw.exe, nw.exe, 00000016.00000000.2020532702.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000016.00000002.2748877399.00000000010A3000.00000002.00000001.01000000.00000016.sdmp, nw.exe, 00000018.00000000.2029486793.00000000010A3000.00000002.00000001.01000000.00000016.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.unicode.org/copyright.htmlnw.exe, 0000001D.00000002.2645743262.0000000006A50000.00000002.00000001.00040000.00000025.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://chrome.google.com/webstore?hl=en-GBnw.exe, 00000016.00000002.2766490045.000000000B3F7000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2044394851.000000000BA4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://crbug.com/374970nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://schema.org/GovernmentOrganizationnw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.google.com/intl/en-GB/chrome/browser/welcome.html52https://chrome.google.com/webstore?hlnw.exe, 00000016.00000002.2762061423.0000000008710000.00000002.00000001.00040000.00000029.sdmp, nw.exe, 0000001C.00000002.2495136920.0000000007940000.00000002.00000001.00040000.00000029.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://accounts.google.com/o/oauth2/authEnw.exe, 00000016.00000002.2767700515.000000000B9EC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000016.00000003.2037373905.000000000BA08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://codereview.chromium.org/25305002).nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://crbug.com/444752.nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent.keyCode#Value_of_keyCodenw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://crbug.com/140364).nw.exe, 00000016.00000002.2762112980.0000000008964000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://crbug.com/258526.nw.exe, 00000016.00000002.2762112980.0000000008740000.00000002.00000001.00040000.0000002A.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
Joe Sandbox version: 39.0.0 Ruby
Analysis ID: 1386890
Start date and time: 2024-02-05 15:55:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 33s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 30
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup (1).exe
Detection: MAL
Classification: mal60.spyw.evad.winEXE@53/204@23/14
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 61%
• Number of executed functions: 147
• Number of non-executed functions: 271
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 142.250.9.94, 34.104.35.123, 64.233.177.95, 172.253.124.94, 184.24.36.112, 72.21.81.240, 192.229.211.108, 142.250.105.94, 74.125.136.94
                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
                                                                                                                                                                                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                    • VT rate limit hit for: Setup (1).exe
Time      Type             Description
15:56:19  API Interceptor  2x Sleep call for process: svchost.exe modified
15:57:04  API Interceptor  415095x Sleep call for process: FastSRV.exe modified
15:57:07  API Interceptor  2x Sleep call for process: nw.exe modified
15:57:39  API Interceptor  2338x Sleep call for process: fast!.exe modified
                                                                                                                                                                                                                              • 164.90.197.162
                                                                                                                                                                                                                              mpsl-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                              • 159.65.206.21
                                                                                                                                                                                                                              x86_64-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                              • 157.230.201.3
                                                                                                                                                                                                                              https://ca-net-fix-assistenzaonline.codeanyapp.com/neet/net/net/login.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 45.55.112.74
                                                                                                                                                                                                                              https://t.co/kdpDbpIXphGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.248.10.131
                                                                                                                                                                                                                              https://veryfast.io/downloading.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 161.35.127.181
                                                                                                                                                                                                                              http://shavconsulting.pro/4sJXiS8461QtNA58xvgfjagste612ZTCZGPCAKJIXIUY4428DPIP1255d11&data=05%7C02%7C%7Cb8636bfa69404d52d9ab08dc22f6f08f%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638423691195224128%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=%7C0%7C%7C%7C&sdata=aqUfmsYVzwKZCwJQRe+TTQdvv6AnL3T16V9HccuC+c4=&reserved=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 167.71.30.39
                                                                                                                                                                                                                              SecuriteInfo.com.FileRepMalware.7168.8036.exeGet hashmaliciousCreal StealerBrowse
                                                                                                                                                                                                                              • 159.89.102.253
                                                                                                                                                                                                                              _INV-52892_ACH__Paid-Feb-1-2024__ for Stonhard.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 188.166.66.58
                                                                                                                                                                                                                              http://tinyurl.com/4xe9ac83Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 165.227.251.217
                                                                                                                                                                                                                              MIT-GATEWAYSUShttps://cdoiq2024.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 18.160.15.36
                                                                                                                                                                                                                              SecuriteInfo.com.Win32.PWSX-gen.18465.17543.exeGet hashmaliciousLummaC, Amadey, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                              • 18.160.60.35
                                                                                                                                                                                                                              mips-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                              • 19.172.7.140
                                                                                                                                                                                                                              x86-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                              • 18.70.143.94
                                                                                                                                                                                                                              mpsl-20240205-0055.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                              • 18.125.91.244
                                                                                                                                                                                                                              https://www.smtd.link.maozizhaojuan.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 18.160.18.11
                                                                                                                                                                                                                              TOcuLeqhj0.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                                              • 18.160.60.35
                                                                                                                                                                                                                              r1cE8H161I.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                                              • 18.160.60.125
                                                                                                                                                                                                                              no.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 18.160.60.35
                                                                                                                                                                                                                              ladas.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                                                              • 18.160.60.4
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | Thunderstore Mod Manager - Installer.exe | malicious | Unknown
 | https://github.com/microsoft/Analysis-Services/releases/latest/download/AlmToolkitSetup.msi | malicious | Unknown
 | SetupFA.exe | malicious | Unknown
 | SetupFA.exe | malicious | Unknown
 | Fast! Installer.exe | malicious | Unknown
 | {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe | malicious | Unknown
C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | SetupFA.exe | malicious | Unknown
 | SetupFA.exe | malicious | Unknown
 | Fast! Installer.exe | malicious | Unknown
 | {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe | malicious | Unknown
Process: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 98648
Entropy (8bit): 6.50695731426125
Encrypted: false
SSDEEP: 3072:UfzhRR+glf+8kxh174xM/bU33zNxFTSLkujKXSaB:ULQOf+bexebjKXF
MD5: B8AF4E4DFAB89560361DDB94353E7E06
SHA1: 8B8D97A787CC1F197F6D8C508324883E7FC9688C
SHA-256: 17B29000D3BBC7AC90D92E2EB48FF3116B0B1C62F199022EFEA94E35B130CA71
SHA-512: F0B505EEDE60D4AB36CDA8C6F35EA530FAE5BD31945A93230DA17A69AE1E5F6426DB86FF8F9E17353E8CA34099513DFA1EDF94ABCA34E4472513C751C7EAC3DC
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%
Process: C:\Users\user\AppData\Local\Temp\SetupEngine.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1983320
Entropy (8bit): 6.560038398363821
Encrypted: false
SSDEEP: 49152:2q8ZcfzRcVhL7Wjj9ZeVWXviwpjYO0FFppJaXzD:2qtzOVh3WH9ZKWXviGjYZFFppJaXzD
MD5: 3F2669BA4BA457B6F5B0F3CD949F1FDB
SHA1: AED38ACD1ACB45340EDC997065B47590C174A629
SHA-256: 44A21F47F4AE20D21DD0AB13AF299E79BC985DFD94AF96AC96D8C6D150F1412B
SHA-512: 1844AA591B70583A211F43428686028E94C6D1BB7099A34B370FF0E4F5F063883419208568A6B2E930AB7FAEF29B0B90EFD5E5D0D68758E4EFC287F1F9754C89
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\AppData\Local\Temp\SetupResources.exe
File Type: HTML document, ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 1922937
Entropy (8bit): 5.0265097704672135
Encrypted: false
SSDEEP: 12288:+mEufVjmNmimymFm3mt+3UCHzA+Sx2cXrDCRm0FtZZmS6h3BbZrS7Ui61GQqbdWD:D8mnLiLDJjwfuVBHrQrEK30cfkUJMQ4y
MD5: F9D0858C1D14035F1E31A05A01D96631
SHA1: 8025032D219A17CFB137931F8E46CF48BDE2BBCE
SHA-256: C2996A2628CD1F104281A210963D99EEE56A919958B518E4E2F07323B23C252C
SHA-512: 03E2549E2FE6A21EBB87199B5C5315241CA9918DE080CEE9DB4893AFB727ABD1B6E282013C2B4772E0A9A65FDB48ED5BE3FD0A3A0B530CF0EBB923E5A3C623E6
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\SetupResources.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 3661112
Entropy (8bit): 6.573095716724625
Encrypted: false
SSDEEP: 49152:1VBD1/zMxpjAeHhtiv2dGDwhMeX1/iK6AoVCdUTFE:17ZMxpjAeHhtivBDwh1c51
MD5: D808ACB53436CA8BF04F88D3B40200CB
SHA1: 493344C681A2269BB8C202F020AE0583814D2816
SHA-256: 381EC497D7D40B83616B0E82E15C597D04433ACC20E94EBE5611F954B2E5309B
SHA-512: 86DC1CE2AE6C7A36B2F7D4A18278CEC99A9A8743DF657B2546EF46F0E8007C94D55354FE765A9C17A2FD5B15F21693691D177407B141BE23BCDE24635093EFB5
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Thunderstore Mod Manager - Installer.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: SetupFA.exe, Detection: malicious
• Filename: SetupFA.exe, Detection: malicious
• Filename: Fast! Installer.exe, Detection: malicious
• Filename: {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe, Detection: malicious
Process: C:\Users\user\AppData\Local\Temp\SetupResources.exe
File Type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1157120
Entropy (8bit): 6.720388521100998
Encrypted: false
SSDEEP: 24576:/UNzPn6vLg6LbipXvpBvbcE1Ztkwb0gvhjPGmLKPRFQU8gn3s:/U5/6vLg6LOKE1ZtbvhzG/JFQU83
MD5: 1A5F9ED8803FBB93655A123C208DB365
SHA1: A4BB2F6AEFD020570A954E95ABCB45C94DF34D63
SHA-256: EED485D2D5D5D731AA34F7C2A25691BB4EFFD0CBAF4E77A95D8FE704DFD01538
SHA-512: E217104FA1F545C929FC85845DE6D403011C11C0233E73CC0A75DA5788C800501E9FEEF7793C8A5A45D34D253357FB7E2779BEAD6B9A4FEC42EE85D10504C07D
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 3%
Joe Sandbox View:
• Filename: SetupFA.exe, Detection: malicious
• Filename: SetupFA.exe, Detection: malicious
• Filename: Fast! Installer.exe, Detection: malicious
• Filename: {C57CA5B7-A655-48F9-AF02-CA9C6BB0E91B}.exe, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10196592
                                                                                                                                                                                                                                                  Entropy (8bit):6.187370398127412
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:196608:AkUPty2AZfpN9wliXUxjdyRWhlEzkuaxQ2:u12Zh8liXUxjdyRWhlEzkJxt
                                                                                                                                                                                                                                                  MD5:BE464D15F6FB048F06C686CF84A5E8A5
                                                                                                                                                                                                                                                  SHA1:FDF57B70D4F3BF029B164E8AD2E2914912D80404
                                                                                                                                                                                                                                                  SHA-256:2399E3149C121DDA8C30C622574F1EF9D0B26E4BB665E80E4643E6CF6597602F
                                                                                                                                                                                                                                                  SHA-512:74130FFB3A43A76B286F55885D4FC0DED83DBC8389C734A0BC79D1981A6F64DC1928CCB8774A0901B76BE5C492E84FCA7BC4EFE27F430E5D3941C8BC3FB1B52C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):79872
                                                                                                                                                                                                                                                  Entropy (8bit):6.272851032614018
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:PbX1lRbkAcXNeW9Wq3uYrDf8QuBOpTnsWGrcdmrFsvkrbUyD6:DlZ6+42kJzm2crAym
                                                                                                                                                                                                                                                  MD5:3D91701E1DB09BAF08072A8BA4966B4A
                                                                                                                                                                                                                                                  SHA1:E8DF6EDBEB2D3114F84E41FAD0172183959C3055
                                                                                                                                                                                                                                                  SHA-256:33F1CDAFA504D9B6AD973B499991AD7D39D71C1E7A875DAFC963CF8853113DE3
                                                                                                                                                                                                                                                  SHA-512:44DA984D540EB566713C0C6000899C8A20FA27D84C68D45BBCCEB170C737A4DA73470B91E300DA3682E17EB370D46F3F11CACF7ECE996A21895BEF0B091DC480
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3175936
                                                                                                                                                                                                                                                  Entropy (8bit):6.741601405971993
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:PKlgHyXxQppGCYBidljbsROv/ZLDTMxrhxLd5nn6pHgoTdt8V98fWiorrTp6b0hQ:PagHyXxgpGCYBsbom/ZLgnqn4VWfA
                                                                                                                                                                                                                                                  MD5:7E5AC4F889AB8A2078E3C6232FE8A22E
                                                                                                                                                                                                                                                  SHA1:F43974B6D7FBC49995D0633F70AE52DDC74B65A6
                                                                                                                                                                                                                                                  SHA-256:A7402A23ADDCA3EB67154519542797199E282A731275965EBB2EDCDDD430BA63
                                                                                                                                                                                                                                                  SHA-512:85D608FEDEAF67FC063F4FAE4C0C43D65DEACD694491F8970B148CF22FC6390AE269E9F031E144B3AB164547C93CDEC2B1F5EDC057415FCCA6B57024ECFDB14A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):308990
                                                                                                                                                                                                                                                  Entropy (8bit):4.989569682149892
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:AhTwNNE2wRY6NK6fWdpHcCE9G2KDqRhSoT+CdulqdAuA8D/WPnj5mqGr9R3rvSWL:Ah+EVwueuqSq6T+Gz7+uf
                                                                                                                                                                                                                                                  MD5:3487D77760CF08ED1DD22844263A6A05
                                                                                                                                                                                                                                                  SHA1:1A295AAC1C2D4110CFEF136720EF9EA453758812
                                                                                                                                                                                                                                                  SHA-256:C14D8ACC6B1662071FFBE20BC7032EA5AC7CDE0014923E30918419A385A98C6E
                                                                                                                                                                                                                                                  SHA-512:672BF545BBA5C9CDF3381E8FE4F697FD0E44E6A7E31FA72F38FEDDDDCED9FB5D4313BCD165CC8E5B9DB78A14F690861CEEC8B0AF5895544C1888780361EA04EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):301213
                                                                                                                                                                                                                                                  Entropy (8bit):5.042686869043563
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:KiTNc1JmImtj+px4UuilzOmOraGZ/Gz1NlkL7NDn:nc3mtKparilzOmOuGZ/Gz1Nl67NDn
                                                                                                                                                                                                                                                  MD5:3D448AB497AA1799D45EAE7109384D91
                                                                                                                                                                                                                                                  SHA1:7F45D4F715B834CE4BB2F88FE0748E4CBBF6EA24
                                                                                                                                                                                                                                                  SHA-256:9D2BDB4983F7472B82A8972FFB27AB6D91ED06395A0677EFA41DBE90CE9EAF1F
                                                                                                                                                                                                                                                  SHA-512:D7D2E2AEE35B86D212D1434E0C50574C09D14341E9340A9E451BA14F9B1FE06449F499E84001C9B11530498BF3A3E5C4BFF3148EE131FFB74FE0F26614CD6080
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):352497
                                                                                                                                                                                                                                                  Entropy (8bit):4.755138455706617
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:q1rE8AR5OiIglYhUEJGbApQ3KtAdmjBdvL9E9hyh5HpSSJoDGz6tXR1MvcZZ9l5y:qJc5OiIglYhU2p6KtAgjvvL9E9hyh5Ht
                                                                                                                                                                                                                                                  MD5:6A0E10DB2A0E3F03C7FA7D645E08E590
                                                                                                                                                                                                                                                  SHA1:CB70A74193924979379B48756BBBC06644FA06BF
                                                                                                                                                                                                                                                  SHA-256:FE78BF7586038401BBD4263A7DDC308C51CBF56755AE53C58239827A12DB3C72
                                                                                                                                                                                                                                                  SHA-512:BAEF89EFC49122DAF10C72FFBF7A49C4A96E6395BB8D14A24411C5944950F18D7CEDC510995E7276FAFAB7A460F2F14F4932F83B50EC3B2B53B7C6A73639AE19
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):462072
                                                                                                                                                                                                                                                  Entropy (8bit):4.3464305039308515
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:8gTKfUNuoRNI84PZcru+GLNJ8a/DNnSouL/AEUVOmZCjQAJ7ExApk/hiS4XqKs+x:xKCI84RhDLNJ8a/DtRIGz/TrH2v
                                                                                                                                                                                                                                                  MD5:1D1702C905BD17A8B159CC96D71F80A0
                                                                                                                                                                                                                                                  SHA1:A97058A2AC40C25C042765C2349CB92178F32A6D
                                                                                                                                                                                                                                                  SHA-256:12DB687A023BDDCB0BD4C52C13B33FE2386A4B7C59BFF5DD47463D91438627DE
                                                                                                                                                                                                                                                  SHA-512:C5A79411D5D1396A2BCB40426998BEF063B01F49AECF408E605E38BC32097F17C2B3E7B0E6FB5E1E2C89104DCD4700390E3313F996ECD7D9C0A347F58492EE9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):219172
                                                                                                                                                                                                                                                  Entropy (8bit):5.446597696608438
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:PbVolhDbKnDnTi1oiSd37OLwsSngsB4HLPg5GRBWeOP4s2uxRnGbDRyl5ML8XXLE:PbyVbKnDnTi1oiSdL/sSngsB4HLPg5Gl
                                                                                                                                                                                                                                                  MD5:FB6E7970211D5625E835D555D4BBA48B
                                                                                                                                                                                                                                                  SHA1:A257D099D65F49ED7FBC28AED4126E413837E712
                                                                                                                                                                                                                                                  SHA-256:A05F12CBEE17DCA00B5FF5AE2F765934DE0BF4BD3DE2399E148E2A4B4C27CF15
                                                                                                                                                                                                                                                  SHA-512:6850CE28F69461FC9CB91F26D39C02A8C16D7873EC1C7F72C7A3FEB7D508BE85B8F2CC8384F88681D5C420F0A3705A21F53B53D44DD2088E57E7E3ED29336F35
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):222928
                                                                                                                                                                                                                                                  Entropy (8bit):5.8492319738474245
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:EysrTWAyYEh+dhmboD8Ht/c7GzQN1iQ3SGa8QXNsBsy:EjTWadND8N/AGzM3SGa8QXysy
                                                                                                                                                                                                                                                  MD5:0DE45D7E1B412E22BE95C3B287FFD829
                                                                                                                                                                                                                                                  SHA1:D5A325663828D2D83E213F5FD21A19CB87552012
                                                                                                                                                                                                                                                  SHA-256:1AAC639E8082714EBAB136897BEF570FC71A9E5C16CD6B863DF7DD90225CE359
                                                                                                                                                                                                                                                  SHA-512:8E5FC0AC02D788383360261CB69DAD899D4A0D90FED656768962B912D0E2E61FD177BB6401D355D4F71B668733ACA7F61F0528E420E8BB2CF405D50DDB0D285F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):200377
                                                                                                                                                                                                                                                  Entropy (8bit):5.499414523111267
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bVNljn0aCxSv5c65RWOy+wKcZHH9f9C14bjT5o5w70btoGzZomQvTiJg8go+be:bVN+y5c0sOJwK2Hd9zz8w70yGz6Tilb/
                                                                                                                                                                                                                                                  MD5:47C0B2B8CC6588F2A15102D72C7EDE08
                                                                                                                                                                                                                                                  SHA1:F6A166B0187034D145405EDC2768D38EF33146C2
                                                                                                                                                                                                                                                  SHA-256:F07438552FA00CB5162496E4F2B28F65CD6A4B00DDF55D2A81D199D0C27E6B01
                                                                                                                                                                                                                                                  SHA-512:B25B8A35FB9E4ECBB42534B1B3EE1A6A4201FE37FA9A5EF3244C9FFF4810A1D5326C88DDA321E80FA6D3A97B82601175C58511D29F851615457DFD322C4C200C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):218238
                                                                                                                                                                                                                                                  Entropy (8bit):5.500424742834676
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Qn9+TpDs0JIReHsIHqlEmLCfknlY7jWTjTWeU8vRiGz8ry/ZWNP42RsHRYo2:Qn9/0egsIHYnftRiGztDRYj
                                                                                                                                                                                                                                                  MD5:71347994A421DBF425662118AF56C443
                                                                                                                                                                                                                                                  SHA1:E0FA1F936A7F74CE82F5EEB65B539567B14D15E7
                                                                                                                                                                                                                                                  SHA-256:E9DB38929474FFA230FFADC27660E8D37E882FBE462E7EFA08E07E6F420EF403
                                                                                                                                                                                                                                                  SHA-512:994EB2E561A96A97A030C25B8F0F2BD8DC8F332BEAB7D9BE081A478B7766351A93A2E8CC9C932C2959C6725FD7D2B93AF5F894E1A2D7D06EAEF16E2BAAE8FB93
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):387722
                                                                                                                                                                                                                                                  Entropy (8bit):4.837634876889597
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:x9OX8kykLkn2Ma2hAM3eWrm4umqat4lFvkIC7x5ZimgDqW7bavxJsU+XLQPJS0GO:x9OX8kykLkn2Ma2hAM3eWrm4umqat4lq
                                                                                                                                                                                                                                                  MD5:E7A605E0D6E04468D8A28DC4591161A3
                                                                                                                                                                                                                                                  SHA1:07200D4BE98459C7CBE20A38DBBC3DCD8393FBA4
                                                                                                                                                                                                                                                  SHA-256:7A14061D24CD9ABDE15A56314B6082E414B75D4AB2251BBF3F811F1085B6BB60
                                                                                                                                                                                                                                                  SHA-512:3416D5E8A05D75A5B60F6BEC6836814B45CF2A8A9D4905D23672028B3D087B7F86BD7CBB9DA381F702245009F51DE8D6E797719B1C20927C0E8D754279F24CD6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):181246
                                                                                                                                                                                                                                                  Entropy (8bit):5.546919367869908
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:rmoOpjHeCY3dlu4CltwM49eR4+8lyriAZm6GzoEpqH6WuQ2oRgglg8d5AS:qoOpjajM49eW+8l+46GznQ2ozv
                                                                                                                                                                                                                                                  MD5:1F127BBBD8E6CF5F9E4A98AE731C8B87
                                                                                                                                                                                                                                                  SHA1:C30636030CAFBE0972E5ED59D3972262716F3552
                                                                                                                                                                                                                                                  SHA-256:6E466C5445AB44D22B300CA26061D8A23B45DEAECD56B3843BED4191468A0D82
                                                                                                                                                                                                                                                  SHA-512:8644B558CA0757F53BB9E8D0D5B9F7FFAD1ACEB648696F5774F888B0B3D6B3708A4B28DC80FBAFB05C4E4F6D9BE6DA8069C1270C03240FA29DF1B0F982B1B86A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):182614
                                                                                                                                                                                                                                                  Entropy (8bit):5.535427154888747
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:9c4eClhTz7vjYUP1f4Clu+M49eED3JBcyF/Uk4HGzKEphBqk8w2oqggl4lxvaBv:9zT91M49e23JBceuHGzOw2olG
                                                                                                                                                                                                                                                  MD5:6032FD2B0B129F278FDCCA1DE6A48A58
                                                                                                                                                                                                                                                  SHA1:4ADFBC1742399C1C9FF2FB43F41C018B22510BC4
                                                                                                                                                                                                                                                  SHA-256:602D1BCD34DFD64D903511C8C86B2D9099D508E8E29DBCFE5631BAD77049DFEA
                                                                                                                                                                                                                                                  SHA-512:2AB832CC4D67614F531B1756EC957D9DA181D1CB52E80994CE1F4969BB149201E6485B30C20BAE1D707E54698F6E4C92E00B0F7EAE5C0036659BCC210B8DAF1D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):216518
                                                                                                                                                                                                                                                  Entropy (8bit):5.4044282508656325
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:UDPC53pYMdj5U9s4G6OGzw6ShhKObfFmd:0Pk1jUjOGzEKObfFmd
                                                                                                                                                                                                                                                  MD5:599282267A7DC09B889B51D344DB9589
                                                                                                                                                                                                                                                  SHA1:7598EAC038A194A3703E243F40D066EB5E7251AB
                                                                                                                                                                                                                                                  SHA-256:55C699B42F85E2731501F2FFF6BEC70EF2E1B22A44916CDF7A779966D0F0F36D
                                                                                                                                                                                                                                                  SHA-512:083F276C91929A631B69EA508793CB268E09EC4C656C49D316CD6482A17074DF4B93E0D9A08AAE16B7FA5AD802EF1EFB4D71E477222C589AD8CC6C7B5A4F7781
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):220387
                                                                                                                                                                                                                                                  Entropy (8bit):5.38015309500299
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:gyKjLLfkjrePEPJL1TPoPGVm28NvGzrwSbf116z8T5hk83:gDjgJLSuA2MvGzj1+8T/k83
                                                                                                                                                                                                                                                  MD5:01A85629CAE9F611EADE72BE40B180A3
                                                                                                                                                                                                                                                  SHA1:54CC3044BC4EC327E46614CD3AF629778724620A
                                                                                                                                                                                                                                                  SHA-256:846007823D3694623C0AF267DF55CAA0BA09B81EC876770D4080B7CC2B37D127
                                                                                                                                                                                                                                                  SHA-512:CBEBEDCA25D3379DE9C8EFBE03BA181DC4EA2C16A41D4B7B63DE78197B9790060576DEA3C85F4DCC20E2AFE04C623FC17825D8676199BD87C49D905BD6B4E52D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):195898
                                                                                                                                                                                                                                                  Entropy (8bit):5.5094358617440555
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:pfG6QaKJrfZbEaVS8HikE7Gz/B0oNxlSGNKB:w1aKJrBbEaA5kE7Gz5xlSGNKB
                                                                                                                                                                                                                                                  MD5:72F3746D1BCE919D7A9F594002DEDAD7
                                                                                                                                                                                                                                                  SHA1:5AFEDC11020C7D4860DA8889D866F54FF89FC299
                                                                                                                                                                                                                                                  SHA-256:CD9236C2D42B0B93DDA4AC6B4759F3EAB72E4CF7AE12AAD6B18A282BD5597DFE
                                                                                                                                                                                                                                                  SHA-512:7B1F7D7CE5AA42670FBBBAFB32758511EE12330CD98D573BE8E4AB1A5212B094B8C05E798F2ECBBD7E3440DF3D7A982B2953D4E6998205E863C811B536BEF34B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):310038
                                                                                                                                                                                                                                                  Entropy (8bit):5.1138154297993665
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:zR07QyOoiW7CXkbP803LqN2DsiWA39J+FtnoaLeOnbVWcan1baX328H1jvgfyf3i:zR07QyOoiW7CXkbP803LqN2DsiWA39Jz
                                                                                                                                                                                                                                                  MD5:382371AE586D2374C32DE690CC765923
                                                                                                                                                                                                                                                  SHA1:D62A65457FE708ECE7C78D01880DA96ABC31F42C
                                                                                                                                                                                                                                                  SHA-256:5426D547966D0C533E6F6B2171D88B54600CEDDA112EB4AEF371E4A8FE1C831B
                                                                                                                                                                                                                                                  SHA-512:8E1B332FE7C7B7A9B54A55483640DBF19DDE2278EA9E913FDDB0D004C79E57DFB62C5E9A0DFA9C3FED7A94566A7C3B3D6DB9DA84B4B44CE0EDCCA507F15BC60B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):202908
                                                                                                                                                                                                                                                  Entropy (8bit):5.444487253154988
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:YeTkfKGhsEF06cCSx6QG0529LQXn2anYCCkFAkA/640IQfGtATyzlUUFpeiXHQ4M:jcKG7cQQ74kPmmfGzeRHld4X1hwcM
                                                                                                                                                                                                                                                  MD5:C152EF7B4C7B9C46A31C6EB100988B1E
                                                                                                                                                                                                                                                  SHA1:8409B628642A0471024001CA119A1C340EE357FF
                                                                                                                                                                                                                                                  SHA-256:CB83ACC53E2A1256D697D9B3DB66AD2528634E62A7479F59A8F5B016518D2052
                                                                                                                                                                                                                                                  SHA-512:9713712491C78BCF1DE9D403906F98B3034A540085C59EF4EBF4771F019B03A7914BA4F06A8E01C207C97075A5C1AE79780C492A7173A89D77783E5EDECA4D28
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):224444
                                                                                                                                                                                                                                                  Entropy (8bit):5.228648065023812
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:bPZagHzi5cmvTHf4O14Nngxo/tgNFfX4WDZM3obaSRUA51SQHZ30GzUOoirpMC+O:TZhHziymQg1DZzbaSRUA55Z30Gz2fcJ
                                                                                                                                                                                                                                                  MD5:5049197EB9CD66BA4B99950BE0952ED0
                                                                                                                                                                                                                                                  SHA1:EC9142FE23BE77049CE5B6EDEAD5E12526F013C8
                                                                                                                                                                                                                                                  SHA-256:206EA11AA7D55AB1DE9FF105330CCD932D5F93CA19B886E29AD1D0CC7DB3F8B8
                                                                                                                                                                                                                                                  SHA-512:8B5F08683F844C8889ABC6AD52BE2FDCE431BBAE27048559EC43ED98C8B2F21C7B367D8B3B00A386C24C8A12F29A76EF4F2711CF42E5F0B1F712FAA282CB67C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):234980
                                                                                                                                                                                                                                                  Entropy (8bit):5.421057409292579
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:HGXatzmw9UGf8pwG6uwTVUuKv/66p3bW4+a7XGxVG6r+Qd9QbUdOuNGzq3nXrotS:HGBw9Xf8pwG6uwTVkLWzFxD+uDouNGzK
                                                                                                                                                                                                                                                  MD5:C0553CD71822D64284A1D70F17CB994A
                                                                                                                                                                                                                                                  SHA1:06943882BBDD32BB0E725803BCBE82FAF93EA304
                                                                                                                                                                                                                                                  SHA-256:5449A77A65041E434E6A5F6BA771274B8866F86E8C83C8BA7B004460E596618B
                                                                                                                                                                                                                                                  SHA-512:28D802395B54450E60831A8C0263BB7C1EE8AECF4A8B6B33C66C4B22DB841C20608219A361C68D420B811F5CFDCFD917AE9C86553B022D0B1C408AFDFD7011AE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):438088
                                                                                                                                                                                                                                                  Entropy (8bit):4.403869975349536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:p0u0GmIpJw3jK7hXKZvmRef5aBN9kRB8blGS4e94rqWHD4A4ZunuVm9nh2jssscU:p0uNYMMGzDDm5
                                                                                                                                                                                                                                                  MD5:AB93A11D453C5121D21BBFE30A4C054C
                                                                                                                                                                                                                                                  SHA1:69E9CCABB3D5558AD9E5A34E74527623F53E2D56
                                                                                                                                                                                                                                                  SHA-256:0B7CA560C30857AC884AF9228558FC1C57C14A060990B8854D5EF2A915A6BD78
                                                                                                                                                                                                                                                  SHA-512:F1F5952FC3D508888729CDE039672094D9087468412FBA525F472EF360D2E4CAFD555E3607684BDC05C3B1C73CF64804EF79D0669BDAEC6D535E4731011701FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):257192
                                                                                                                                                                                                                                                  Entropy (8bit):4.806961562543729
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:8kLBv8H6YVIf5XfQw6ojR43EjnB3cfsz6VVKOn0ZOa61W6JM9Dp9GzO4dzk9i5k5:BF8H6YVa54qo86VVKO0UMj9GzO4hKi5+
                                                                                                                                                                                                                                                  MD5:2CE618F91B220F10F9D499F3B6D0B629
                                                                                                                                                                                                                                                  SHA1:BA8B32DCE9A8A1376421457298EB73F11E6901FD
                                                                                                                                                                                                                                                  SHA-256:1188422388C88F340096163DB3E72B934B1F1F43419470BF6C3F5AFAF2B1C882
                                                                                                                                                                                                                                                  SHA-512:852A7AE2B8287CF9BC98E9688C1C616D763F834A253B6B2A11267A818E574C6F4516BF217D66C823A3EE20997D9B5D8B4019E3D855CA9F54E93EC563292F96FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):445678
                                                                                                                                                                                                                                                  Entropy (8bit):4.396873847313936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:ou37hisFrMsu3DhoSFNAYaZxCh4Yknf521DI0BUVWmU8GzKdkaXB+l92FhgPtem2:oyiIjGz1JQ55
                                                                                                                                                                                                                                                  MD5:60D977D28A3DAA8527A3D59B06F49434
                                                                                                                                                                                                                                                  SHA1:6C81AD72072AAC5F555846A49F22C50A7EE5E4D3
                                                                                                                                                                                                                                                  SHA-256:867DF17ED0158F655C3E41C170D65BC484589A38D6A0D355C6E8FC457395AF94
                                                                                                                                                                                                                                                  SHA-512:02ED4F340E2EFAF4533C2AD0FFC992CE41DBC48D85097E689CAD3A9C6F6CF5DE626AAC4316FA407363A9F97BA3AE3EF68A256B75DE3B9FDBEF04F9B001B80922
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):210116
                                                                                                                                                                                                                                                  Entropy (8bit):5.560059770538138
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:ab/z9prV9kUXTHemvdU0UiLZa8Qt/azXTpWDcRfHa/Gz9MXtUDW4kxB9ugayV8:ab/zx9klWva/Gzx8DG
                                                                                                                                                                                                                                                  MD5:D35042035A60FA954A746760D4087F2D
                                                                                                                                                                                                                                                  SHA1:82F1A72B32E999569521272C83D9ACA2C256DF2E
                                                                                                                                                                                                                                                  SHA-256:EDF4A903D14BB4B523C898CA8C1CC41DA5011112C98E8BF8FD95D4A789DD406C
                                                                                                                                                                                                                                                  SHA-512:1C50A796374A8C3688F554836F66B0EA2D6C055151B91D4496DF63E4E124E2C197429DCE056370761052266C00550AAF5F04A5F33A32F3CCD871E19C2E34BB86
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):230900
                                                                                                                                                                                                                                                  Entropy (8bit):5.685821417073077
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:1RCKp9HqLqM4HPfbnRGzFBi6P3UlYemdpEU:eKDlMCnRGzxP3Ujw
                                                                                                                                                                                                                                                  MD5:51A14E1E1F5AD373442B4E419F739F34
                                                                                                                                                                                                                                                  SHA1:1FC314D05BE5E1BDB29120B99241820233FD0E27
                                                                                                                                                                                                                                                  SHA-256:F964047A71231A5C550B14F1E05A38B64899806D98304D07CA85C59962161E68
                                                                                                                                                                                                                                                  SHA-512:DC3355B80C5D9C4013BCF36ACF75F12AC83E393F8FF8C96F8B153E3AE4D08F01FBDF96FF01BBA4CE01A4A8A3C2CE0CCE7B8E07DC492E312EA863AD9E71C1F7DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):194761
                                                                                                                                                                                                                                                  Entropy (8bit):5.409644577713678
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:EUacICUgaLEo/SwlIGcFZE8rhBCkvCOOo+9B5SBwOr+EqmTMGznj8aj/8Ke5KWVs:2crUb7amiUPs4Gznj/WtIsGatW
                                                                                                                                                                                                                                                  MD5:53571F7667F105BCAE920CE05816EE1B
                                                                                                                                                                                                                                                  SHA1:91E851826C7A4D35047B164ED6A3F51DFFDE5558
                                                                                                                                                                                                                                                  SHA-256:5E2CA5F1DF58F9F300793EC2EFA5B260C1F21D357158A1C07398404638641436
                                                                                                                                                                                                                                                  SHA-512:2AE8D1CDBD85D82AEBC850D0FE74E5F458A79476C9F819EC9BC5B6556548828E3527282802B4F14F09CFE1A5F19AD96B4AF7734708AD1069BE8335F424B5F5EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):213013
                                                                                                                                                                                                                                                  Entropy (8bit):5.334158451356358
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:O6Kuu0iwSE4/mUs21V5QfZAD+wFpOzQz/GCedgoe14pL3wLe9eHuZ+bWKBF/4L+j:uwgZoMGzV5s
                                                                                                                                                                                                                                                  MD5:743EDE3F04BA082620FE72458C0176C4
                                                                                                                                                                                                                                                  SHA1:F24F0D035D0B489C4A3FD096D42C6271FEAC218B
                                                                                                                                                                                                                                                  SHA-256:37D33E1B61990AF13F5CB5EEBBF3943EA88E0FCE40778958103DDF3E0A77DF65
                                                                                                                                                                                                                                                  SHA-512:FC43AD216217B9ECD897358EFE5FD7ED4C7606AE99766B8AA450B007BC673342CF429C572B4A7BA4CB2CD6FA683ECC0921E90BF55C74BFAB22912F449544FB20
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):262111
                                                                                                                                                                                                                                                  Entropy (8bit):5.792368396857435
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:+uU907oY9rAJ8MnG2PkwL4Hsm8/w6NUTMI6GzilHaIUreEb9+T0DN+Vj4k:bUG7oxq36GzOMgjVV
                                                                                                                                                                                                                                                  MD5:F1CFD8C5FAD811EB0E55D4A60C8F911F
                                                                                                                                                                                                                                                  SHA1:7F526F7A35D75AB5309AEF82C3719A91533DC8A3
                                                                                                                                                                                                                                                  SHA-256:169E04F708B599954FBD3B481DB41F54E2BCD478F37F9A8058DBB494EDC7EA34
                                                                                                                                                                                                                                                  SHA-512:B9AF6FAC52AC54225C6975E5F9E42C86A05A95BDBCE24BF03F297A0093A3BCDCDCAEB6D06D5A68DDC0EEC79C51070FDF3FF6096832B057F2E74499CF2DF93B85
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):506146
                                                                                                                                                                                                                                                  Entropy (8bit):4.299090677226852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:h/H9wVBZWoiz5BnGAMCQ06cMQkUqvKMEVpgpxMyiGL3SRW9SNXO3uzciqOR45Gzo:h/HY+ehJiKGzIa2j1
                                                                                                                                                                                                                                                  MD5:6A7A579CF1E048BC7CBD50F3CF66A92D
                                                                                                                                                                                                                                                  SHA1:7E6A4B2A9320F14A49A921F94C44A8C3E8078C9F
                                                                                                                                                                                                                                                  SHA-256:FD8B235D766FAE1314D6103CB341C5BE3257C25C66A633186A229B381772A7CC
                                                                                                                                                                                                                                                  SHA-512:C0D82F273AEB875F35C4F6CE3AC4184B55D49C017702AA36DF68C0AE13B410CE814C9C763312E047B599CE8ABB5C225CDD78AC74D3C3908B8D303757A86C2632
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):221595
                                                                                                                                                                                                                                                  Entropy (8bit):6.145352559176205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:3325obpYHwfF+mpvz+IQDcw79mQ4+kP7AW50dUjUGzV7QWmuLS1l:HIocw2pkCmjUGzV7rUl
                                                                                                                                                                                                                                                  MD5:FA5BB897494CA34200335C073E30B9C2
                                                                                                                                                                                                                                                  SHA1:2C5B5C9CDE345E1CBC390BC429C42F2B10BB58D4
                                                                                                                                                                                                                                                  SHA-256:94A6EF88AE05F7CCA17B10588EEB4237766E9DF3C24B50A7EA532E250AA40D47
                                                                                                                                                                                                                                                  SHA-512:A10F79E16D5C3D51F1C19381CA73411E7AF1A859F31785FE94E287D9CAE87C2AEB9435737D4B64B960A53D3E0BFFC5A7E347C78A6A2439CB5A94BF79C5E57E85
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):224683
                                                                                                                                                                                                                                                  Entropy (8bit):5.666541442325111
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:zFrbmFyIFqMu1LCinzYJ40QE4yDDGz7lyLIzL6SP:BOALrBU4y/Gz7DzL6SP
                                                                                                                                                                                                                                                  MD5:F8819542E19129FB68C5D2B79BFA66AB
                                                                                                                                                                                                                                                  SHA1:440FC66E6B1EEC0AC7ED4E414D3EB91A06BE765B
                                                                                                                                                                                                                                                  SHA-256:27849698AC0C2E3DBFA4EA903F4CA366A422217AA7E9E5FB3010629CDB9FAB47
                                                                                                                                                                                                                                                  SHA-512:5311871273EFC3EFB47C0C8B63E7DFA44FF6074472AF1E208AA3DBAF076A456632E61F57AAE32DA4A67D2CED8EB293A6545A5B848EB34A7E738DEA9E71C7BD04
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):224601
                                                                                                                                                                                                                                                  Entropy (8bit):5.659186327144055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:/YFZ4qkJ9JDeX9epv+YKK4rt+o4wFXHPFGzfvMyko3mw75izfbXk:Ali9xAEmYKK4UDwF3PFGzX7mw75i7bXk
                                                                                                                                                                                                                                                  MD5:B2AE3A035BB8507E1B4CE58E8712053C
                                                                                                                                                                                                                                                  SHA1:0486EB421F138AD65C4E63D6F95BDD210E11AE5B
                                                                                                                                                                                                                                                  SHA-256:3607DE3A4A1C209D874872D6916E501112B769C7F2DD6B00B77BA6F9384CBDA4
                                                                                                                                                                                                                                                  SHA-512:EC5EC998FACF4CAC346607AD364405A5D1C38171A9C694454B65C3F2EF52A8C564E25A8AA1E9604CC09E15CC4E4A3BA18AD66D8D05E21C27FD5581E8CDD1BF2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):550210
                                                                                                                                                                                                                                                  Entropy (8bit):4.334797155956397
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:J3ULYYybaIG4j6xBv+JJX2BdApXtXUKdPFZXd+GzokYrHpd3yhKc7Wi:J3ULRsGDOztHdPFX+GzRKc7Wi
                                                                                                                                                                                                                                                  MD5:0CBFD53DC7FF94709DF670B289B42B33
                                                                                                                                                                                                                                                  SHA1:484B267ED91A5CF09D9A50B479C69AD1D029E811
                                                                                                                                                                                                                                                  SHA-256:9A0E74399EE776DCA3C97E9E3B13C74B8809F1BC0CE0905A06E2CE99EB4C8361
                                                                                                                                                                                                                                                  SHA-512:D8C34AE527C870D276467CF5A9D51F9F6A0501BBF5A655F6F04A942F24A05C27D01C95D579D9CAF42A611D00FB7754B3D22A6A91A03D3C4E7DAEEF81A4B78D28
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):440757
                                                                                                                                                                                                                                                  Entropy (8bit):4.377042891873762
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:CAuxfI6HNNoPilaDYf+ual24MS9koZSZeRerwCJMtlvlfCqSVK/V4UEaEFFgmdZX:4xfxHNpui03Z6ZZGz1p/0
                                                                                                                                                                                                                                                  MD5:833C6951456D48819D78819D4C440980
                                                                                                                                                                                                                                                  SHA1:6521462F408F6B4C721CF5BB3D9A0AFE7D20E688
                                                                                                                                                                                                                                                  SHA-256:2CDFEF5AA4761534DA84E26E0C34848B55168F1E9F3C352CF7D3DE461EE11FDC
                                                                                                                                                                                                                                                  SHA-512:126E24BF51A5A60A19C34C47E900A78726E24D7BC47A54623C9C6EC1E1C9F198B5F2AA0B42FCC45651303F9AC0F27D249E2827930FA289DE1528C4E9B54F65B4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):201417
                                                                                                                                                                                                                                                  Entropy (8bit):5.308720465961804
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:8PlQeTMQy3p1g17j4bT+dWilVj2DQGzajWzC3W3e/A8unI:8P1TMBikmlVj2DQGza9GSr
                                                                                                                                                                                                                                                  MD5:6C70C727D9035818712A50BCFF79311D
                                                                                                                                                                                                                                                  SHA1:54A6D541ECBCDB0BADA2D6E00ADF127DCE66BBB6
                                                                                                                                                                                                                                                  SHA-256:DCA1D86314E2DA07734DD3B506D8B591C0AB8516539890384ADF71022A248D02
                                                                                                                                                                                                                                                  SHA-512:EBC9359B84D2C5B32FC5E8FACC1DC9A3419D5C49A589D3A1E0C2BE3308822D2E334B0880B372343397F7F8B8CAAFAD84700BEC796C257050C909C2ACAED96B4A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):197705
                                                                                                                                                                                                                                                  Entropy (8bit):5.456447331213645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:sa4p4nRstgRBGglhvBHi0CpvkmISsGzdF7:t4pMStgRBfHi0CpvkFSsGzdF7
                                                                                                                                                                                                                                                  MD5:F690B1AA2383227B8C4463DA4836E12A
                                                                                                                                                                                                                                                  SHA1:98754C4A11CE7AE46AC451FA2FB0CDB29D4C2EE3
                                                                                                                                                                                                                                                  SHA-256:DBA1C03B1CD0F5908DAA047C66B9B0E030D1C8F3044F0B1ABF7805CB922BD017
                                                                                                                                                                                                                                                  SHA-512:271F868FD60C1758D5C506EEDCCACF936A7F77DC612FF40609F2280032EB9AB538740F60E673EBBCB1DAA5497C1A2EA967463F5AB39AF9C5F986F8A950F4B6BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):207464
                                                                                                                                                                                                                                                  Entropy (8bit):5.387278602823229
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:6G/I9RZ451jRwMfZg+/Vc6rlahkB0+avpGW5utMfhQ8JyZZaI8r4EFBp0Tc9G+Ix:6GA74lKp0UGzv3dvJ
                                                                                                                                                                                                                                                  MD5:D935CF78699D515DDC9A9323550A33BA
                                                                                                                                                                                                                                                  SHA1:7DDEF0E0851684A97CFFC158EC2C9EB9E1D30CB5
                                                                                                                                                                                                                                                  SHA-256:DB91AC80C52BBDF3A6F359D552BDE4573D3BEA6B84FCE3362B30412A3B5D83D8
                                                                                                                                                                                                                                                  SHA-512:DA73F38761AE8F12BF519EA305262E26A08047B084F915D843A32427B6D04055E6B9C63FC9F26D8235C79172B6635238B755E10FFF02018984C29246F37E875A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):217685
                                                                                                                                                                                                                                                  Entropy (8bit):5.7745553191633485
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:aBQfuVjFzTQRqMbPB4nVUFzd8Bd8d/lZmqKGzqrxCoqRq7DiWULf:aBQfuVjFzTSbPB4UF5g2/ZmZGzvCORf
                                                                                                                                                                                                                                                  MD5:A93A81C359048EC5220DC4B7C77CDFA5
                                                                                                                                                                                                                                                  SHA1:B43C38D6C0F78963599D7416422B9150F4148CF7
                                                                                                                                                                                                                                                  SHA-256:D1BFF70EBCED2F783EE8965CA7956E4A0CDE688559BD343819A301B0F264B97A
                                                                                                                                                                                                                                                  SHA-512:36D46D6904A0B4832C0FADEA788756391675CCC8D5D287B3B98D3B2A15B80E03D310AE6F02571C9521FF8E271B620F71C73B47CBC5C2FC7CC7663D1576F7955D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):213598
                                                                                                                                                                                                                                                  Entropy (8bit):5.468272951929252
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:1nCnQIMisJtMIoCqW+5Ox9UcNzvyzczp8HJhWOYGzI3StrpckwGMRk:dCn9MRJ+u4WNGztwGH
                                                                                                                                                                                                                                                  MD5:FC3436297593F206BD0A33D51B53E285
                                                                                                                                                                                                                                                  SHA1:0293321D04097650CEA45D04B88DBF3F236E4CE6
                                                                                                                                                                                                                                                  SHA-256:71D2553C072A5A9CC0264512F00579DD5FBA14D0F69F0CEE4109660750CF81AE
                                                                                                                                                                                                                                                  SHA-512:517DB7902CB21EDE388C0B1CEBEC567C727987A540EDEBF058FD956651FC3AC8A62C42ACD01D72D8CE13FC34AAC4F6B9AB4DB377869E2F30455B49F5727F6FB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):217817
                                                                                                                                                                                                                                                  Entropy (8bit):5.441317944225942
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:97ljojZExjmgTxDap/02w7hc7LJaPn5IBt8nA4ooGzzEDMzYByJG9kiqtkPO:97lMjZEmQa7L0lGzJYwtT
                                                                                                                                                                                                                                                  MD5:1EF51B9A757EF1205B41D62F79B49CE5
                                                                                                                                                                                                                                                  SHA1:7056A8DDE223D6F65C9AF106C6F1DAC17DD341E6
                                                                                                                                                                                                                                                  SHA-256:4EC35CB6F4C779FAEBA66B10A1CC96BD2CC3C66EFA15E683BC0E2CD520EFAA58
                                                                                                                                                                                                                                                  SHA-512:FB6DC780A7ED6EF325A15BC2C7871607CB4E16BEA82739EAE144AEC10A0C7573879D57907C0D51B3B8DF17DF7F1F8446DC2CB4D24B05D6DDEEE12BCA27AA7F60
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):221714
                                                                                                                                                                                                                                                  Entropy (8bit):5.506942434485236
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):333912
                                                                                                                                                                                                                                                  Entropy (8bit):4.946354320691577
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):228013
                                                                                                                                                                                                                                                  Entropy (8bit):5.80213874806346
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):209376
                                                                                                                                                                                                                                                  Entropy (8bit):5.541914147056759
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):329949
                                                                                                                                                                                                                                                  Entropy (8bit):4.855496489995685
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):198869
                                                                                                                                                                                                                                                  Entropy (8bit):5.559046366566631
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):203184
                                                                                                                                                                                                                                                  Entropy (8bit):5.399627811080787
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):513905
                                                                                                                                                                                                                                                  Entropy (8bit):4.136344055675861
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:jRCfyB8LAzaIMKJKfK03Wdy2ZsZ8EgTH3g2LDZq2tnfrwQzAiyiDjjFY/c2sEoVV:jRQAzPvnrAGztX26Xb
                                                                                                                                                                                                                                                  MD5:27DC76ECEA86DACB0D76EEFB74E1F3B8
                                                                                                                                                                                                                                                  SHA1:57B62ED78C0DE5495EB226E63A9061597B0BEAAC
                                                                                                                                                                                                                                                  SHA-256:1B6CF53B491528A39845D0B3386FE88BCD9059C65449B5A70FB99322E4693AA0
                                                                                                                                                                                                                                                  SHA-512:8B29607EE0071327682DEF71A23D676901269D1DF088F7D2B4EADFD091D41C5191AB031A7D2ACA4DF7B4D4B236D54254E4575D08A0B101806B76EFA63C124661
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):487541
                                                                                                                                                                                                                                                  Entropy (8bit):4.328991640933705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:QQUokiFu09e0zhh6gVTNX3yd5qe37MqMD72Gz3NuhIZrY5/SL:Q6P2GzT
                                                                                                                                                                                                                                                  MD5:4DCCB718D72492BEB23A79E6102D0D0B
                                                                                                                                                                                                                                                  SHA1:CD0595C666E9FDBB3A93B4ABF6B5140E0AB2795E
                                                                                                                                                                                                                                                  SHA-256:32E6AA2CCC5BE605F77B91182772AA67F3CF156BC8B63DC0F5A34E7ED9A6AE09
                                                                                                                                                                                                                                                  SHA-512:3109A6049788B496D9C349716BD171CEBF7642EFC9E02B9D34D790FD4B93F04BD1B3C614D46A7216B8484679960B3A9F3633ED0D26F4E2D02068A982F251DE0B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):418001
                                                                                                                                                                                                                                                  Entropy (8bit):4.406866659556729
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:fvwt96sb89I3ujLhvdRsHCgMXWcPC97lhlzUbgbh/4AaGzds+mXIbP6O9hDrCZtG:fvbFGzv
                                                                                                                                                                                                                                                  MD5:298EBA4D1EF60325D7F241BC59ABF6E8
                                                                                                                                                                                                                                                  SHA1:7632C4866455891FADF900162E934E09F49683BF
                                                                                                                                                                                                                                                  SHA-256:C8DD0B03FE3D87A6B3FF9FB27BB3278BA34245ECC1DD536F5B1356B3B08915FF
                                                                                                                                                                                                                                                  SHA-512:3C12ECED7C8D6A1DB90DBFB59BC5C3E0528514DFBB372B683F34E0E14D4BE6D32D12100810A9A4A446BE6BAABC589C053FA4C49AA25F7620B479099F29FAC94F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):214696
                                                                                                                                                                                                                                                  Entropy (8bit):5.644867588568881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:vcur5xPict3JvYrYeA1DqzkqsYIC7KeYq+oYhmWhygV7Arg2yz7IUsLGUR+8Bbin:vcur9LDKdsY89n0phGz/lw66qCc
                                                                                                                                                                                                                                                  MD5:0F5F88528E16553F139707F3604502A6
                                                                                                                                                                                                                                                  SHA1:72BC19C0B8843CF82710B2EC6B6A0CB8F802BF7B
                                                                                                                                                                                                                                                  SHA-256:2B4F3B58DDC5D202A09603538BCAB0EB6AC40B463406047A4BA4632624AFF5FA
                                                                                                                                                                                                                                                  SHA-512:6F42CC378874D1070FC6D431E0580721E13415CE8157C694B7B9037E3D95F9815E3376395291233B6937345931869381E8A6CE93811A65CD22D9AB6A23D2125B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):344401
                                                                                                                                                                                                                                                  Entropy (8bit):4.954021701080926
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:oDoqGl/PGnmXPAiraiceEni8Gzzk54LNiXEkCq6MWsui+4uL2uH:OoqjnmXLraiceEni8Gzzk54LNiXEHq6X
                                                                                                                                                                                                                                                  MD5:1151EA254D8BD0153B24B55F33D91899
                                                                                                                                                                                                                                                  SHA1:E373B50B923EABA226AC9B4ECA60D95F1460C7A4
                                                                                                                                                                                                                                                  SHA-256:FDAE4D03529D074DCA720BF25D1A96E8092A4523746A85E881DDC407F2F173FA
                                                                                                                                                                                                                                                  SHA-512:F31FE608B7E4C6D9F69981C4408D3CE4DDB70DD723C6CACE5A080644E0C19940CAF6E6F3BABD0A9FE0DE98867437E47B4024A44440777A07CB0F48E5EFAE5156
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):245743
                                                                                                                                                                                                                                                  Entropy (8bit):5.838377255221245
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:cpQIo6h0DdCG028xaGdTa1x8fuwGzd7ORb3cG3:cpdHh0DdCGYxaG1a1xzwGzd7OhcG3
                                                                                                                                                                                                                                                  MD5:BFAA2786070FD86DA7091206AF2C80C4
                                                                                                                                                                                                                                                  SHA1:4601DD694EC848721EFED3796332F350B8815EFA
                                                                                                                                                                                                                                                  SHA-256:B349996C541F1419E6CCC209078500978A24975C61851DA7AF1BAA8939EF76B3
                                                                                                                                                                                                                                                  SHA-512:AF97AE201087F151CBB8A6CD8952B24BB93D19AA04350E1DC6324D3D9F96EAFA0074554EBB20B3E1138D1B403C730ECCA62BCB1BCDAF4B93B57E598144F3AB10
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):183372
                                                                                                                                                                                                                                                  Entropy (8bit):6.706212830806129
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:GC1DShtDFlpCV5Zk6JZsjRyPJPOKpiZ5IWDrww32LGz2/ggdI2H1U+lEkL3SH:GCcDAs6JZsdvKpiZ5x8w32LGzUU+l8
                                                                                                                                                                                                                                                  MD5:A3D45BE23B33298A4145C40B5E0F1EB6
                                                                                                                                                                                                                                                  SHA1:097AB4E73B54D6F40F240CE7E45C6B3EF9FF5EE0
                                                                                                                                                                                                                                                  SHA-256:5AA6ED548C3BEB18DEDE142D476CF86B10C6DFD5451BE800FD393EB89B996643
                                                                                                                                                                                                                                                  SHA-512:22B74D250C6B7CC61F5CEF6660289FF0CB235A9A86E0924269E641ECC6799BE81567F29FE7CE0A93CBDBDD7352164C915F56E6790E15A766C2775F916664F61C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):184065
                                                                                                                                                                                                                                                  Entropy (8bit):6.709126454968701
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:W/6QFKJHr4D20P5ao+gfCYgjq7IUPn57kSW5GzOuU83uRtedHlVh0U/Kib5fTU:NQIJHiR3IGzXUW1KiBTU
                                                                                                                                                                                                                                                  MD5:1D39107656AAB170747FCA0CE47DCA0A
                                                                                                                                                                                                                                                  SHA1:2C87CB238C9276311B24AE4F5BF76A09232FDE46
                                                                                                                                                                                                                                                  SHA-256:F21BE566CDB18A7B3BAB71C4D6389DD0B2052AAAE887273B7FFF1E3B438200BB
                                                                                                                                                                                                                                                  SHA-512:29E8850258844B0804E810CB9FE166E0DC22046876165055A2E07ECDCB3B2F30A942755BABE083713D18CFBE86D7DCA93B2D32FE142D0E04A8AFE0DB2D59222A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):218275
                                                                                                                                                                                                                                                  Entropy (8bit):5.34737925007636
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:uUKt1rxNpyXcsR/H/UxRjh7uHRcdA4SSSLl/sL8:uUKvrxNpyXcsRf/UxRjhwcdAuY
                                                                                                                                                                                                                                                  MD5:100F66BE85612F7DD095E0F468497F68
                                                                                                                                                                                                                                                  SHA1:6D0B30428726D079AF3DEB3279033C268733DC22
                                                                                                                                                                                                                                                  SHA-256:E8472A5C9291C2B46B7BE611EC994D5E37ED9EC1B473E50DFC9A94C9A923CEC2
                                                                                                                                                                                                                                                  SHA-512:841A90B6B54FEAF47973990882D9A274B4E9F8E850E21A2B94A41B8FFD501969C77003C19B961D180CB2A0062B7E32A5AA6514FB34ABE8F1BA818795A2B91FBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5777408
                                                                                                                                                                                                                                                  Entropy (8bit):6.740926769702569
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:4XJr2urEwqgM301JURAXYOVghR87GwaLH+exYsD1ExXP2Cw+QmRrksH3snn/pJg8:4phQw/M3iJUyYOKHzxxYhbrP
                                                                                                                                                                                                                                                  MD5:F89681A61E9A1BC85B02867D0008C190
                                                                                                                                                                                                                                                  SHA1:8E8609240C242C696004908AB2D2D0040D5C3916
                                                                                                                                                                                                                                                  SHA-256:7C058B8643EC33B1FD46C099A48A8F1D7E1E380AD488111F2007651C84F37F7B
                                                                                                                                                                                                                                                  SHA-512:776E9E5AC0963A109F372B2A1DD2BEFB373120B637272DF8044985B47310C0FBCAF18B25F13D2F6674C1B668B9318834830EE0141CD544CE97CC60A42087D651
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):71894528
                                                                                                                                                                                                                                                  Entropy (8bit):6.995441262210375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1572864:8Fq7paXDujVxtB/i+fbkoZLxvDkUmRu/gexM+0g1kXu2UuFoFvy6T9uQkA7:8aVxtB/i+fAoZLxvDkUmROgE0fXey6T
                                                                                                                                                                                                                                                  MD5:19A60A1933A84DAAEBEE60EF3FED9BA6
                                                                                                                                                                                                                                                  SHA1:17BCC01BD4B3450C4937295F0F8A9CF35407F57B
                                                                                                                                                                                                                                                  SHA-256:51AE35236BA372B796B65A6474B546AEE229CEC433ECAD23EAFB0497F9F50813
                                                                                                                                                                                                                                                  SHA-512:CE1C96F36ED4352611112AB5C322737EE3423A4734036D5ECE54A95FB7046E2F8D64EBF330D0A4953CA42A9D197BCF7A3D2B71D93164161C4DF1AC234CE5FD93
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4127368
                                                                                                                                                                                                                                                  Entropy (8bit):6.623143149221357
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:21ofvF4pW2xu+3ozNMWhPCKpIrPdDJUbSThkVk8DvJnvfbwTJAosyhTcpnq1SfL:givFCW2xu+4ZPCdfhkVpDvdfb6cq1SfL
                                                                                                                                                                                                                                                  MD5:4D9F9AE313447C1A616574E185697E3C
                                                                                                                                                                                                                                                  SHA1:90C450FD63C36E1255857878851F265D496C6966
                                                                                                                                                                                                                                                  SHA-256:EE7F207871248C744AEE7BD029EC53C5A4401B3090FF9BF5F2C1B916FA043408
                                                                                                                                                                                                                                                  SHA-512:AEBBBADB4D1A0B40CDE87290A35352E2FD2BBC6B51EB13B490D0999CC1940BE760EE1CA5E37A3C4FB4AF2E6881A4C98127A66CB87AA8A1364368ABB59FEF6CF1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):762897
                                                                                                                                                                                                                                                  Entropy (8bit):6.716362640764218
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:q6lK1KUa39Oz+3K0QYvFJLMRQ8UALw4L/oUVxU1oOvvfTJ7bDlIJM/7OV71YwlsY:z8ra39snUwUI/oUyL5DRj8ct+
                                                                                                                                                                                                                                                  MD5:91F6676B40DE7D86D7BC4444D5820905
                                                                                                                                                                                                                                                  SHA1:BE2F6F557885219444A9759663EAF699E504F4DB
                                                                                                                                                                                                                                                  SHA-256:8205065283274C1AF5EB2C2ABD5B1F9A5B97893D6E4C2B9EDA27DB6EAA755A93
                                                                                                                                                                                                                                                  SHA-512:2E635F4B36A098F5839412404C3E5D0CE02438082B12F16F8CD1BAB22DD56DADE9C2794690C7D713422D2AD85E242D1A8E9CD9FF1735B16BBDE218CF3BA4C99C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1019602
                                                                                                                                                                                                                                                  Entropy (8bit):7.193346250260081
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:yoa3GSDwXR39dQjA3gMYIsLj60rd/oUrMjgs4jTE3uBUTN3:IDEXt9dQE3gRIamU/oUrMjbaE3vZ
                                                                                                                                                                                                                                                  MD5:FAC606B2F06A2C09F527581BF925B0BC
                                                                                                                                                                                                                                                  SHA1:82C95D8979CA2E2F9F984825C26B6ACE1335288E
                                                                                                                                                                                                                                                  SHA-256:79A5787B1E8D1BC492AC389BD1DB2C6A0F4677542E5D86ADA15538D2DA42027E
                                                                                                                                                                                                                                                  SHA-512:E1BFB13F219F3AC47F052FC3817E21B5AD0DF05702DF202E35A4B4C679F993783F4FE487FC8A3EA948FE7AB9917BFC1F6679D7084D390777CBD9E13472B2E838
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):422400
                                                                                                                                                                                                                                                  Entropy (8bit):6.694383773669672
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:jHmCxIXlhCOwW51bM5CHOfMG9LwbeL2G0zPbwkg7B8Gy9AOID3:jHj+X6Of1bfHOfMGqbg2GKbkBNy9iD
                                                                                                                                                                                                                                                  MD5:A2AFC1508381E830303542A1B8AE591D
                                                                                                                                                                                                                                                  SHA1:CD684FD6DD856927C86202A34B8092E531E1BC4A
                                                                                                                                                                                                                                                  SHA-256:4EED53297A5F418B5CA6F70329DA3CD6B2ADF6C799AC04916109C177C49A27FA
                                                                                                                                                                                                                                                  SHA-512:605B8F6EC8A635797867CBDB991845A58A477F7F59F45FE9713055199F37BD0CDB341DC1220B7AEBA7301555D2445DD6ED3463F1D999707938E85DA1F710F6BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5755269
                                                                                                                                                                                                                                                  Entropy (8bit):6.213922800585382
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:KAx3gRAzJwVEtguWq/19Ob1HLCEqyUIGpXCALsScY9u+G1hdAK5QwJbeuRkoS3oy:VILCEwcz1h0
                                                                                                                                                                                                                                                  MD5:ECCD15B0C17611EF15764070E9694DF3
                                                                                                                                                                                                                                                  SHA1:63EE4639D7A0606FB502386CE4913B2626BCEA3B
                                                                                                                                                                                                                                                  SHA-256:DE44C40234F1E31581A88CE9CD477FAAA419BD0A11A4F51277B6D596CCF866F7
                                                                                                                                                                                                                                                  SHA-512:11AF8716E53AE267753A86E50A1D05E379E0831A5787F32575629BE7690BFAF2BA9C8B61B67C7F39C2B38306E1A995E8B7CC3976A301A679B9D544BD0377FE22
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1198536
                                                                                                                                                                                                                                                  Entropy (8bit):6.0724872991141385
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:HbztrVZr3DoSHdbPOzwxxkNrBhw63E2Lf0Nyi6kJcMcOTN2I0vFi90o1:HbztX3DFA8orXF02Lf0NpJgU1mFi90o1
                                                                                                                                                                                                                                                  MD5:1BD6EACB823E1A4C5F17516B45C85CE7
                                                                                                                                                                                                                                                  SHA1:2693FB26D0ACEEA5001C6C8A4B5FE4B0C1735E33
                                                                                                                                                                                                                                                  SHA-256:34F17BC88B07D6F0C205153E8C85629915EA93EBBF0F82E4C173E292BF3BDB08
                                                                                                                                                                                                                                                  SHA-512:EC72E7E70EA361FFADE06E4324267243CC9907932A8797FCACBA1510745DA521F06365D3D6E48F8753AECAC51530F79D33EE6BADEDEDDE0980E7349E495C4348
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):107520
                                                                                                                                                                                                                                                  Entropy (8bit):6.3572540880058
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:wB0bzVn8icEY9OkFwaMZsDV4AcVrvsoEX4vpTb/sW9cdS8h5TQ0y4oVPYT:wyt8pEiDV701vJaSKq4o1Y
                                                                                                                                                                                                                                                  MD5:973BCAD92FB7B30AB5A7A2F35E2EEB24
                                                                                                                                                                                                                                                  SHA1:594477D5FF4626B2CA72E485DFAF53CE8BDF497E
                                                                                                                                                                                                                                                  SHA-256:750CBA685EE7B85E87D4843F3AD9C549CB22E6FF90247373823CDA16DB7E2141
                                                                                                                                                                                                                                                  SHA-512:144C362423CE4D5C3F6A45FAB4E9DED409F06764E5497B5D03E67EB51C5860F38DDE631553D6EF6468C0FBDFAFA7B4B474C2AC913F57C6AEC81665BDA1375536
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2013184
                                                                                                                                                                                                                                                  Entropy (8bit):6.726531618207793
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:pIcO8JVs8rBf5ACKu43D6YMu+46+/imfywoMuF5P3Rv:pFO8JHBfIN3D6YF+ItywoZd
                                                                                                                                                                                                                                                  MD5:1196BE50E7F9F56901865C0CFA76CA3E
                                                                                                                                                                                                                                                  SHA1:5384443AB344DBBF558E0CFC155CBACE89121871
                                                                                                                                                                                                                                                  SHA-256:2389E02AAB2A20D1067F4E6AC9D0E1961B99B64AA539A967842B3F60AF450365
                                                                                                                                                                                                                                                  SHA-512:E9954D974E70F56E3FDAB4F1A3341F9A960E3D8BA4FFC26F26D1E0562F38E75FAF1627AF81E143E3DD25ABC780FFB4C37F339B6783637EA414B4AE485EB3D609
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1800
                                                                                                                                                                                                                                                  Entropy (8bit):5.223532960977299
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:L286KGb28HL/RK28Y28vm1y28tJ28pf5pG28swy9IDi:68NGK8rZt8f8SV8C8pf5n8sNOW
                                                                                                                                                                                                                                                  MD5:EDAB2AD532D5A2E8736176A0D455B1BD
                                                                                                                                                                                                                                                  SHA1:10C0BA9E3D9A8196A6852F9A264CA378D0961099
                                                                                                                                                                                                                                                  SHA-256:AEAC4EF506D8ECDA071169649D3A9D46344E8EEC246BA1C716499E9FAB05F7E4
                                                                                                                                                                                                                                                  SHA-512:3C059E4BD497C22AD7DD586ED5252C091BC63753BCE2065D566C94C5B7F2BEBE5F858D2FC812052926F69F5465AEAC9389917EDDEDF1B7D0BFE5D82808DA9158
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:/* cyrillic-ext */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans1.woff2) format('woff2');.. unicode-range: U+0460-052F, U+20B4, U+2DE0-2DFF, U+A640-A69F;..}../* cyrillic */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans2.woff2) format('woff2');.. unicode-range: U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;..}../* greek-ext */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans3.woff2) format('woff2');.. unicode-range: U+1F00-1FFF;..}../* greek */..@font-face {.. font-family: 'Open Sans';.. font-style: normal;.. font-weight: 400;.. src: local('Open Sans'), local('OpenSans'), url(opensans4.woff2) format('woff2');.. unicode-range: U+0370-03FF;..}../* vietnamese */..@font-face {.. font-fam
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 16868, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16868
                                                                                                                                                                                                                                                  Entropy (8bit):7.9880541218783945
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:AF92jnHaPlexnHnbJg3txyB4pRvbSJsLJKJFZ9n:c92bHsWJmg47D2stAvd
                                                                                                                                                                                                                                                  MD5:4B60E71334D025BE8BD843ACC59753E1
                                                                                                                                                                                                                                                  SHA1:E0350190D720A8FEC0557AB47B318EC4E4486448
                                                                                                                                                                                                                                                  SHA-256:CDD6F09441727E4AC6FA370E2B8221EE3C2892265CB618AFA35643CBDD5B7617
                                                                                                                                                                                                                                                  SHA-512:B7ED2906BEAE601AAAF9249BE565C1F6A6F29FD9D2C36F7C8338AAD97B4ADD5CD8F7023F8EB5491A660E252021BD247B8C65564F2D2C1AC17B7972D754A568AB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 9676, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9676
                                                                                                                                                                                                                                                  Entropy (8bit):7.974841909039616
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:pvu6iax1W+gxgsnpb2Ds8gS78nB9fxoA3sp5XdWpQS2Jm6P8ve:o6iaLexDnYD0mOD13svtWyS+BP8ve
                                                                                                                                                                                                                                                  MD5:85759F54539623A05BF2E5A3F6799DAF
                                                                                                                                                                                                                                                  SHA1:BE201D32A9AA5D186723EBB3C538BE691AA8C53A
                                                                                                                                                                                                                                                  SHA-256:CF84A7B7066A47F6973D447ABE36D8B8247A2949DC66363F2CD861767885ABC2
                                                                                                                                                                                                                                                  SHA-512:9BEDED6DB64CB808B4E61F0ED26B26CE03A20ACF68275A5CFE7079758D6A72A791F273A6E939018B338EA414D2E3B149C92BCFD0313725F14BAA87F1B790FF51
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 2332, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2332
                                                                                                                                                                                                                                                  Entropy (8bit):7.869949868745035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ibi/lZ1jAjJ+6p1/d4vfhRblBFRGLiGxrQ0EM4Jg5QsM:fZ5AjJ+8/4hRbFRtKrQ0E60
                                                                                                                                                                                                                                                  MD5:F736E54388BFAAD417DF1B30814B6AAE
                                                                                                                                                                                                                                                  SHA1:2C5B039B57F62625E88226A938679EC937431AD1
                                                                                                                                                                                                                                                  SHA-256:5CED1FBF1C36965E6A61DDCB52D7AD7CC43A8A6096A8E40AE2405BFBB3153FAD
                                                                                                                                                                                                                                                  SHA-512:4BEC4A9EFC6FDB22F805F5CF61F765C8DEB259C72748DE6069714AF0D4287B435583F8ADA6637DF3B139AE4CF5BD3AB805088C99888C10F54E9981C34DADC991
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 8160, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8160
                                                                                                                                                                                                                                                  Entropy (8bit):7.9700811821881645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:9+77Ihm4JmBCuXbtbyKjgBnw+3uqS8IxZrtXPyR6V:9VvmTtUnHTSXhXKi
                                                                                                                                                                                                                                                  MD5:C09EA514A21D4A93BC0C4A96ED503A59
                                                                                                                                                                                                                                                  SHA1:BE365ECA44760CE3FC9B377C43D4634958479C69
                                                                                                                                                                                                                                                  SHA-256:F66947CEC51A5785E6F9CA02F45E8F0D22D43BA818ED114366D033E14458BC84
                                                                                                                                                                                                                                                  SHA-512:19365BC788085CA00F86DC74ABCCC77B48CC9F0BFE11093B52165B049ADDA5DC16B48598BD878AE2816465CB1AD70A4F134C4619CE58C8A76FCF15380B05B285
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 5740, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5740
                                                                                                                                                                                                                                                  Entropy (8bit):7.95831025079887
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:UEocAnI0DGeTJqMNB6x16AIoeqOqjk/kWA812MX9GPvlreZUWxajgCsQyN:vnAI0KetnBw5IqKkxYhXwPvlr6UWKxyN
                                                                                                                                                                                                                                                  MD5:5C02962E1F9A25F98CC3CAB0DC1EE177
                                                                                                                                                                                                                                                  SHA1:C4248EA800BD5608344CE163F5658B57E7EF9410
                                                                                                                                                                                                                                                  SHA-256:CA17AE084F5465C81BA80EC29C647ACD772F953738940E874CCA265ED81499FA
                                                                                                                                                                                                                                                  SHA-512:3D903B73B3D7129083DA4A7C9458D61A17C73DD489F273D46672AD75C601F3B790F695C667361AFFE020B0CFFFDB87B370F3ED9B4A11BED8B59E529D42A92D09
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 12288, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                  Entropy (8bit):7.973221791058246
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:yS4RT4Sxe82NOQXmzngpDbW6tyC3Kew1r3ZuhSZVKk4Ht7Y4kyv4VCK3c+J1aA48:/4tt2N7Wzg5NtV6/F3wcnKttU2vkCr+T
                                                                                                                                                                                                                                                  MD5:921DD520C3FBA714997C8B941D51DBC5
                                                                                                                                                                                                                                                  SHA1:113978181DCAC77BAECEF6115A9121D8F6E4FC3A
                                                                                                                                                                                                                                                  SHA-256:A846F7AF6F32F2BE5CB922158882116AF42816A0FF71506920E18A3BA89456B9
                                                                                                                                                                                                                                                  SHA-512:17CE9CD97314F7122879EC05B9A379E6ACFB6B4B5E9BC7C12A46CBB81B45B772DDC1F41471F4B6FACAC9010FA69F0420A7C538B6B9293A19551CF9593033C6CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 15572, version 1.6554
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15572
                                                                                                                                                                                                                                                  Entropy (8bit):7.9810164149550245
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:js8NoiTYZhWLvKuU4dX+XD3lk8M4RedEEHluh/:DoiP+4dX+T3OCRkE6I9
                                                                                                                                                                                                                                                  MD5:E64CAB167BBDC04807429D10873901A0
                                                                                                                                                                                                                                                  SHA1:AFC44700053C9A28F9AB26F6AEC4862AC1D0795D
                                                                                                                                                                                                                                                  SHA-256:60F9B5203842A4FE2D52F7C96F3C57B755BBF8F347535469739BCC6F95A9C4B5
                                                                                                                                                                                                                                                  SHA-512:9812A394D05F56B70C1DE57FF6CCD46E15C2DB99A003138A0CC2210D08303746969A269F37583A6BE14C706C645FB923136E4231B3ED1FB47FCAF6209884CEAC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1418
                                                                                                                                                                                                                                                  Entropy (8bit):4.698390719889073
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:UrrNeheolqu4dkryq3YZiDUtk73fRd0tsaxQfdQ5SsuaIV:UrEh1xryEUta3fRd0txGfkSBa8
                                                                                                                                                                                                                                                  MD5:5A11E5622D026B6069E8B63FBC0D50CF
                                                                                                                                                                                                                                                  SHA1:8EF846CFAD50FB752841B8897AB00F71D402A6C8
                                                                                                                                                                                                                                                  SHA-256:C8E67BC0574AA9694C6BBF4A4081B530D104F05FCD028E449D2B4E1B74918B08
                                                                                                                                                                                                                                                  SHA-512:91EE322CB5C67DEA81991B676B3C3C8EB2DBCFC192EBC25C38594DBD58D440FD11F271B2DBB40D11B639DBFA61873AB4E4A2CB6C14D89C04254BF4FD584091CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.... background: #333;.. color: #fff;.. text-shadow: 1px 1px #444;.. font-family: "Open Sans";.. font-size: 22px;.... cursor: default;..}....button {.. color: white;.. background-color: #77b577;.. width: 100%;.. height: 3.75em;.. line-height: 3.75em;.... border-radius: 0px;.. border: 0;.. cursor: pointer;.. display: inline-block;.. font-size: 0.8em;.. font-weight: 600;.. text-align: center;..}.....minimize-button {.. cursor: pointer;.. position: absolute;.. right: 21px;.. top: 6px;.. width: 10px;.. height: 10px;..}...minimize-button:after {.. content: "";.. position: absolute;.. bottom: 0;.. left: 0;.. width: 100%;.. height: 1px;.. background: #fff;..}...close-button {.. cursor: pointer;.. position: absolute
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):675
                                                                                                                                                                                                                                                  Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7i6gX7dGD3+zoCQDrqUw2QUp9RKG3VvJN1xOJ24wLTYqp2agcmitQ9:78DOsCQ/PQoRB3VhN1k24wfYqp2avVa9
                                                                                                                                                                                                                                                  MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                                  SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                                  SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                                  SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):620
                                                                                                                                                                                                                                                  Entropy (8bit):7.532871627537594
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7iQz6urs3fgXgJX3MrE5s7j9dtn2ZA7FkmIA7:2WfgXCXkd14XmIC
                                                                                                                                                                                                                                                  MD5:F775E05DAB18F69D2901B12299E63A16
                                                                                                                                                                                                                                                  SHA1:B13CAB82F3B766E77589C8F99777FF27DC914FAA
                                                                                                                                                                                                                                                  SHA-256:88D3DC2159DD31907CCD68C01102D94501476837998072B88DB6006AA459EB30
                                                                                                                                                                                                                                                  SHA-512:9BA707E41DD3C971245BC45E97EAD1BC3FCE037FF5DEFCC4780744F1A87BE3F7B09DCC73446F952FD9B39D372431841C7355A3B16DBFF7FC05E23A94075D0B48
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                  Entropy (8bit):7.962335133869884
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:sqd9LjOc71eEd9G7zIGHO3mgUD4Z2q5DO0sAmasbPbLiovYT7hE6/6co0il0:sY9Wc7d9G7zlHuUZqECma9/H/X
                                                                                                                                                                                                                                                  MD5:DF9772D8383B587D8E0E2D78C1DECE5D
                                                                                                                                                                                                                                                  SHA1:C7371EDD4272592A373E04A9B3A4D06C26A8DA0A
                                                                                                                                                                                                                                                  SHA-256:F513EC17BA8716C92D362D0D892CC74ED5F5B1B45EA857D9F7D63794840696C6
                                                                                                                                                                                                                                                  SHA-512:EC89CA890BEB39B2DD2DFC3CE91A93626F37305FCAFAED1185AD781EE5E10329AC75ACF5386F478B5627CBEDAA5F34DC6D6FAEA38A621EB589065DAF0E790C70
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 172 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5011
                                                                                                                                                                                                                                                  Entropy (8bit):7.9230181220317215
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:bRci3PH/1hCVT+NCCGtcM/04yD57da+NjBYJcxKCP2:bRci31kh+NCCVM/A7da+NjBAlF
                                                                                                                                                                                                                                                  MD5:9D3989274A9F42CE68270B6D62740980
                                                                                                                                                                                                                                                  SHA1:257C28BABA104DCC8A15AEBE823FE944D9900FA6
                                                                                                                                                                                                                                                  SHA-256:8CD8503A2ACB24D6B8B744A37300B71FBCD7E6EDE767F78C3747C5B4CE7F545E
                                                                                                                                                                                                                                                  SHA-512:C6DE4375475AA556408AC8A16C7601E4934E10EF7B2675D161EB98FB5FD28A957E021D13227CC71880B6E51E53E3BA7CA2E38E4E3CAA8488A673D4536608BA81
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 95 x 43, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9406
                                                                                                                                                                                                                                                  Entropy (8bit):7.94022430872657
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:EIIHUCD4wacvaKWaFGlENytchQA1QIEM91eBm:60wsKWaFGlEMtchQALv1im
                                                                                                                                                                                                                                                  MD5:A325C56AC5095D3459A31023CBDDAAD8
                                                                                                                                                                                                                                                  SHA1:77D2CE1EAA9775D901DC79A329D324C5F20F0E75
                                                                                                                                                                                                                                                  SHA-256:2E7C88199F79F7EE899DF4333E85EA8959C6B156C1EA96DC0F0A1D3FE7D48F0E
                                                                                                                                                                                                                                                  SHA-512:256D0826778D9B77FA79C4F6EDD482B9969276AE58EAD3514010EA937C5966F00E7FDFEA3938F8437402C76124E671DA0F902A2CFABF9DDC1A4C6EA8399D8A64
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8057
                                                                                                                                                                                                                                                  Entropy (8bit):5.182970887860503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:++HHSG5HwOabNX2XlIbsfM3YOOOGbp/fHypKind/RDaW4pTfj+OYQvALQw72fkKu:yGh32GXHM3VMxWd47fj+OYQvAP7OkKmx
                                                                                                                                                                                                                                                  MD5:B4F0BB84798327AE57D08BAF6CB8D542
                                                                                                                                                                                                                                                  SHA1:B96C6228104932CBB077C2696604520821F2A2B1
                                                                                                                                                                                                                                                  SHA-256:2E96643BF6954FF8F2E4CA79CBE61C187CC5B483F2691F0FBE5444FC26FA7CD3
                                                                                                                                                                                                                                                  SHA-512:46189DA5F7C017C6B2A22E0C1A43BD169E9D0D1271ED3B51F1A6D7138C0891687B8F2C55B1DF673D32C9136E8D892A734F486D5ED3DD7FB90AD5968840A917BC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<html>..<head>......<link href='css/opensans.css' rel='stylesheet'>..<link href='css/style.css' rel='stylesheet'>....<style>....</style>......</head>....<script src="js/jquery-2.1.4.min.js"></script>..<script src="js/circle-progress.js"></script>..<script src="js/chart.min.js"></script>....<video id=fastvid style='display:none; position: fixed; top:0; bottom:0; left:220px; right:0; z-index:0;' width='100%' height='100%' xloop nocontrols xautoplay>...<source src='vid/fast.webm' type='video/ogg'>..</video>......<body style="display:none; background:#111514;">....<div id=welcomeToFast style="position:absolute; top:150px; left:100px; font-size:42px; display:none"></div>....<div id=topHeadline style="position:absolute; top:25px; left:0px; width:100%; text-align: center;"></div>.. div id=topActivateBtn style="position:absolute; top:40px; left:0px; width:100%; text-align: center; font-size:14px; cursor:pointer; Display:none">Click Here to Activate Immediately</div-->....<div id=minimizeIc
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65327), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):158750
                                                                                                                                                                                                                                                  Entropy (8bit):5.366119866830528
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:OXZdEOLRr3NejQIooAIf9olnc3mfxZEtgsIC+Mc+CXxrP7eZYOcHBCF2RrUsAclj:4LetVBxpSxr6iHS2g+meI+B
                                                                                                                                                                                                                                                  MD5:217CB5D4EA048DE6BD91DBCE1B3BC12E
                                                                                                                                                                                                                                                  SHA1:C62B51022581122005182D235D78C19B8D53509F
                                                                                                                                                                                                                                                  SHA-256:FEFEF4C25BBBDC09D6000B14AEFDAE1398A0A215E5402D6DF86C61052D49D408
                                                                                                                                                                                                                                                  SHA-512:98A96C4B779E7CFD10447BD6E843AD6E97FDE08B3C1BD70FBB0C10F5533FF4D1E95ED3B965B152781BC1E198F2979E9B28E5030CAD9893ADCC0FAA012A88D445
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:/*!.. * Chart.js.. * http://chartjs.org/.. * Version: 2.7.3.. *.. * Copyright 2018 Chart.js Contributors.. * Released under the MIT license.. * https://github.com/chartjs/Chart.js/blob/master/LICENSE.md.. */..!function(t){if("object"==typeof exports&&"undefined"!=typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{("undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:this).Chart=t()}}(function(){return function o(r,s,l){function u(e,t){if(!s[e]){if(!r[e]){var i="function"==typeof require&&require;if(!t&&i)return i(e,!0);if(d)return d(e,!0);var n=new Error("Cannot find module '"+e+"'");throw n.code="MODULE_NOT_FOUND",n}var a=s[e]={exports:{}};r[e][0].call(a.exports,function(t){return u(r[e][1][t]||t)},a,a.exports,o,r,s,l)}return s[e].exports}for(var d="function"==typeof require&&require,t=0;t<l.length;t++)u(l[t]);return u}({1:[function(t,e,i){},{}],2:[function(t,e,i){var o=t(6);function n(t){if(t){
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15899
                                                                                                                                                                                                                                                  Entropy (8bit):4.76323863494514
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:wPeb21wglBqMcF14UxkPl/wxmFM2g7nR2Juv:n2W+qMGoVFM2UnR2Juv
                                                                                                                                                                                                                                                  MD5:0912DF1CB8BC4B1D791524EC962FE932
                                                                                                                                                                                                                                                  SHA1:ED06DCF2219A3AB5682E087D70B5177D6E182990
                                                                                                                                                                                                                                                  SHA-256:0014E3CFD890D2C64B9AA76C610E6FCEE5800D1D23A0DCDA964BCC7F3F95EBA4
                                                                                                                                                                                                                                                  SHA-512:D70D26073FD0C9D58B8FF0090D86BA4C2C4A1F51757603384C599B30137C2CE8440C59AE3F138B8B063A21F4F15043B5703438BC7FB92CE53B3EE9698800429A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:/**.. * jquery-circle-progress - jQuery Plugin to draw animated circular progress bars:.. * {@link http://kottenator.github.io/jquery-circle-progress/}.. *.. * @author Rostyslav Bryzgunov <kottenator@gmail.com>.. * @version 1.2.1.. * @licence MIT.. * @preserve.. */..// UMD factory - https://github.com/umdjs/umd/blob/d31bb6ee7098715e019f52bdfe27b3e4bfd2b97e/templates/jqueryPlugin.js..// Uses AMD, CommonJS or browser globals to create a jQuery plugin...(function(factory) {.. if (typeof define === 'function' && define.amd) {.. // AMD - register as an anonymous module.. define(['jquery'], factory);.. } else if (typeof module === 'object' && module.exports) {.. // Node/CommonJS.. var $ = require('jquery');.. factory($);.. module.exports = $;.. } else {.. // Browser globals.. factory(jQuery);.. }..})(function($) {.. /**.. * Inner implementation of the circle progress bar... * The class is not exposed _yet_ but you can create an instance through jQuery method
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (32025), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):84349
                                                                                                                                                                                                                                                  Entropy (8bit):5.366942924126885
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98HrA:f+41hJiz6fhdlTqya98HrA
                                                                                                                                                                                                                                                  MD5:B0DC11D0A434AAFE88908C7F33D71095
                                                                                                                                                                                                                                                  SHA1:1327F754FF87D26BCED46568543207E9DF190AAA
                                                                                                                                                                                                                                                  SHA-256:DE4B3C3D1DC2506B6693F0F98884E1DC074CDA9D66CAB39B7B48A115FDFC4C0F
                                                                                                                                                                                                                                                  SHA-512:177719EF74C4593E139FD254AACA5590B108338F1139041E24C56CA212BDC61CBFDCE9799C8A51FD7B67E587B920097294E834FDACE5127BCCA9CE2877F48EA0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:/*! jQuery v2.1.4 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */..!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,funct
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):68976
                                                                                                                                                                                                                                                  Entropy (8bit):5.889116979833995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:Y0m1egzPi8K4gAUJNLtxgc+RcvJoEiCO3M6t:01egu8K+iGbEiCkt
                                                                                                                                                                                                                                                  MD5:ACCB2AD77AC6227F870DDDB5C85A7CA5
                                                                                                                                                                                                                                                  SHA1:B11E8B0EF653484AB642F7209CB320FA8737D54E
                                                                                                                                                                                                                                                  SHA-256:1B1408C45847403380B056820280BD8ECE7AD98ADE5D2A046A574A0EDBF1B3FA
                                                                                                                                                                                                                                                  SHA-512:E4DD6408E110A3A6C6DB6917C9BD972AABE3CCF2CFC36059D2AEAE9B517CD534B76D1BA3529BB542E478563CAAA2C394EDB1CD5F531048B523678CE74B3F4F42
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:....v.C.+........GHL........4....3..R..6l....0...............T..... ...........................U...p.m.......................................gui.........a.............z.....https...............8W1....win.............N&....bClosing...........>/......bRunning...........}.J....bFirstMinimize.............j......bExpired........ ...u>"...bInExpiredSetting.... .........V.N.....bEnterKey....$..........uD. ...bInActiveSetting.(...........67....bTrial...,.................nTrialLeft...0...........:.....nMaxInterests....4..........N[h....bShowInterests...8.........u.)....fast_UUID....<.........Z.......fast_Version.@............_....defaultBrowser...D.........B.S,....bFirstError..H...... ..v#.."...bFirstStartReport....L............x....bTutorial....P...... ...4.&...bTutorial_apps_word..T...... ......(...bTutorial_apps_excel.X......(....%.2...bTutorial_apps_powerpoint....\...... ...U..$...bTutorial_apps_pdf...`.........*..;....fast_urlPixel....d..........g.M....bSurvey..h.........6.i. ...n
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45
                                                                                                                                                                                                                                                  Entropy (8bit):4.461530252405225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:+BKSLDrbIoMLNLQJlWsren:+Dn4oRVre
                                                                                                                                                                                                                                                  MD5:FE10063F4A895C45C6F50E4B031A7B7E
                                                                                                                                                                                                                                                  SHA1:6B2E8F116DBDD03A7AD19C0C156C0C3824AA1AD4
                                                                                                                                                                                                                                                  SHA-256:FE3E5FDBC7265A8463D2AB98D7066DF486717A760501CBCFB3E8EBD7478CCAA5
                                                                                                                                                                                                                                                  SHA-512:36A8EA42F7D35192DF68246520A7F91946A8E7DCF3747112C6FB2DBB9159F2DC31AF527BC0A66772EE379E08C3036E16D6B191DC34AE0B3D324BC42F83EA32FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:nw.Window.get().evalNWBin(null, 'js/ui.bin');
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2146
                                                                                                                                                                                                                                                  Entropy (8bit):5.34504763642635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:d8WHoTFEdD8WN8FiYtiC3ld7srBGVDmVeDt3swsLqgo:HHoZnHtj3lt4G12mjsWr
                                                                                                                                                                                                                                                  MD5:0EFCBAE441CA3AB09B12EEFE2F24A899
                                                                                                                                                                                                                                                  SHA1:B2A1F4E83DDD60E2C0B81106B6DEE20011531CA4
                                                                                                                                                                                                                                                  SHA-256:2B4F2DAAAD6A8B1299095A7E2815210E0D4DABA14064AEB61908C0BEB83E9F17
                                                                                                                                                                                                                                                  SHA-512:83A614ABA419B134BDA3CD3DE5CF6A3F42F2F2E6C1DE3DE8717FE4118D7F7A91DC4118FE190F9563E0702BC1547408ED2D57CCC4FCCE083EAB684DD286CE287A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<html>..<head>....<link href='css/opensans.css' rel='stylesheet'>..<link href='css/style.css' rel='stylesheet'>....</head>....<body style="background:transparent; display:none" onclick='onClk()'>..<div style='position:absolute; left:0px; top:0px; bottom:0px; right:0px; background:black; opacity:0.4'></div>..<img src='images/fast.png' style='position:absolute;left:10px;top:40px'>..<span id=notifyClose style='position:absolute; right:10px;top:10px;font-size:10px; cursor: pointer; display: none;' onclick="event.stopPropagation(); closeMe(1);">X</span>..<span id=notifyText style='position:absolute;left:50px;top:30px;font-size:16px'>..</span>..</body>....<script src="js/jquery-2.1.4.min.js"></script>....<script>..var gui = require('nw.gui');..var win = gui.Window.get();....win.x = screen.availWidth-win.width;..win.y = screen.availHeight-win.height;....win.setAlwaysOnTop(true);..win.show();....$('body').fadeIn("fast");....function getQueryParams(qs) {.. qs = qs.split('+').join(' ');....
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):312
                                                                                                                                                                                                                                                  Entropy (8bit):4.570340142450805
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3HWLGbc65cCRvFNKM1G8/BoFkSH4xIr0HHvFJ8NjDIqONUVFyN8uNMukIAArVn:VQ65cCRv+8/PSYxI4HHuUTNUuOukIA0
                                                                                                                                                                                                                                                  MD5:D3EE484385399A9304C2010F6E55A4CF
                                                                                                                                                                                                                                                  SHA1:7D7ED5838A54FB6218796F810274CDB1294A1E40
                                                                                                                                                                                                                                                  SHA-256:C465D915F6C70D3DAEE88BB14DCC9102160EFAEB33CC925D0E4CF5E95241314E
                                                                                                                                                                                                                                                  SHA-512:DB88E39559A4B099B1BF44C80D806D239C3831B919F6FC9850153C83994BDCA35DB680CA8F5B3D752C8813E666AB22AC80593E75F3D5A16C7A5C05CDDCF0DB7A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{.. "name": "FAST!",.. "main": "index.html",.. "window": {.. "title": "FAST!",..."icon": "images/fast.png",.. "toolbar": false,.. "width": 800,.. "height": 450,.. "show": false,.. "resizable": false,.. "frame": false, .. "show_in_taskbar": false,..."always-on-top": true.. } ..}..
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:WebM
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1160514
                                                                                                                                                                                                                                                  Entropy (8bit):7.901652490507714
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:3iZISjCDYvM5+1t0F/5ePRUgkzO2uk1H08sruk/+xURY7KjOslU2:FYAA0F/5ePJ2uka8sSk/qxsJ
                                                                                                                                                                                                                                                  MD5:8A11E17C5B16557AE39C76966F355ADD
                                                                                                                                                                                                                                                  SHA1:191AF04A6CAFC37DD4DD1C818F2EEF3EC31F65CB
                                                                                                                                                                                                                                                  SHA-256:95746E5F06053CAEBCDA80E65EC58FABA62D07B054F1D7B3B9EC4A345DBB7B4C
                                                                                                                                                                                                                                                  SHA-512:A99028B7D372491D3AF834D92AFFBF1C7506603DCC3CFF8662F1097AE1AC81F7B94393606D37CC074960078FD34BD687BCCB189EE57E5D7F46CE8D374BA179C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):475630
                                                                                                                                                                                                                                                  Entropy (8bit):7.908089419764263
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:WbsP/n/O5HR03nKx/K8j2C/PgAI6A1sAJ:WbsP/n/O5HR0Xz8jDvAW4
                                                                                                                                                                                                                                                  MD5:2573750504EE022336E008A6CE96BDFA
                                                                                                                                                                                                                                                  SHA1:FF44EABC4E484BF7B879719E0026F2BD0A1F2130
                                                                                                                                                                                                                                                  SHA-256:CE982081FD3295E2F836B28E7DC9F061188BD10155B75FA9505BF43A7F50BBD9
                                                                                                                                                                                                                                                  SHA-512:C886DEDA01990C7AAEAB5F75FFE0AE38920767312A72AD0D449FF1C280F5616DBC7B62D867779E3E38D525963382434E35EFAA5B7F4238B5FE75E6B03B90CC92
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                  Entropy (8bit):0.8021909009532618
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:RJszRK0I9i0k0I9wXq0I9UGJC/PQJCmJCovVsnQ9Sii1GY9zOoRXTpMNYpKhvUA3:RJE+Lfki1GjHwU/+vVhWqpu
                                                                                                                                                                                                                                                  MD5:517625E94894385D0AFC58CB4A0C9934
                                                                                                                                                                                                                                                  SHA1:E2F01D031B758A71D2D4CC75EF7322331519BFC1
                                                                                                                                                                                                                                                  SHA-256:A16F766902ABC2E06A73E63AAD4A12829D4A3542E294F720FBB33CBDF0909CDA
                                                                                                                                                                                                                                                  SHA-512:6C70433BFB5951855B9A4FCCEA5F0D890DDA130D72406A90DDCAF8EE947B312B0AA98F0DA3633711A8BB01C2F6FA8F9D2BE94407F275C6E2FE100A640752D733
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:..Q^........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.....................................3~L.#.........`h.................h.......1.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x6dd5e7a0, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1048576
                                                                                                                                                                                                                                                  Entropy (8bit):0.9433124815132903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:zSB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:zazaHvxXy2V2UR
                                                                                                                                                                                                                                                  MD5:5A5AE2F649D905A596C4947004496736
                                                                                                                                                                                                                                                  SHA1:074154084493C581B1A9C761AFD93BCFF5E2572D
                                                                                                                                                                                                                                                  SHA-256:1968036E9682C656E49357AF56069C5B7DAF9FB9C57BE13ABA6C99717A23ED56
                                                                                                                                                                                                                                                  SHA-512:4C89C453CFFCA7481D9BDDADF61D094778FABB3E0BE26563E1B24DEF25F3A1D23A823EBEB44D733B86D18FC72248556E7F3527D021601F2F364CBCA60909C87F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):0.0812936758742931
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:R8YeBJnFEl/nqlFcl1ZUlllloOdeclll/allGBnX/l/Tj/k7/t:R8zBJnFEl/qlFclQ/lOyecllI254
                                                                                                                                                                                                                                                  MD5:FC93ACFD64FBB93C7B231FC70DF5CF00
                                                                                                                                                                                                                                                  SHA1:994084AA5C326D7962083EC5F968D4A062C7B4E6
                                                                                                                                                                                                                                                  SHA-256:5686388C32D1EDD49E836BC41FBCA2CDA0BBD8514B43721A2C7EBE0AC09870E2
                                                                                                                                                                                                                                                  SHA-512:A0A224DC67DF8C9CF3A7797D2D91AD1024A1BF8060C4FA193FBDF590DADAFFE368CB57AC3AB330EBD343BBB14135F6A68A9954E17FA708193803472BE6C39FF2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):12043
                                                                                                                                                                                                                                                  Entropy (8bit):5.111224398612052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:y1hmoAGLCq1Iay8asbKTelqwJ/mw5LLPTqJW0W3H0/qjW1LbO7hRNUBkC:yXmXxmPEcxXPn0QH0SoUCkC
                                                                                                                                                                                                                                                  MD5:09D4DC987F962500414A039B120C4E11
                                                                                                                                                                                                                                                  SHA1:961322783C83CED915376F0B5498C65569C4C135
                                                                                                                                                                                                                                                  SHA-256:4B788E56FED36BF43A95128195E860B93895D4986E41EB9E03F82FB24BE34DD8
                                                                                                                                                                                                                                                  SHA-512:78010C8025F3B62412D52143E5B698A2F4991DAAFB159C4E8B6F3D5290D47BA51665A9627C7242ED16BF6C29CD6916031CD304CF72F742BD16BA113449A9440D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"password_manager":{"os_password_blank":true,"os_password_last_changed":"13351618668534573"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_types":["application/futuresplash","application/x-shockwave-flash"],"name":"Adobe Flash Player","url":"https://support.google.com/chrome/answer/6258784","versions":[{"reference":"https://helpx.adobe.com/security/products/flash-player/apsb15-18.html","status":"requires_authorization","version":"18.0.0.209"}]},"adobe-reader":{"displayurl":true,"group_name_matcher":"*Adobe Acrobat*","help_url":"https://support.google.com/chrome/?p=plugin_pdf","lang":"en-US","mime_types":["application/pdf","application/vnd.adobe.x-mars","application/vnd.adobe.xdp+xml","application/vnd.adobe.xfd+xml","application/vnd.adobe.xfdf","application/vnd.fdf"]
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1699
                                                                                                                                                                                                                                                  Entropy (8bit):4.833464560523698
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YNow3p6otoiBH3UBaJ553S0fKche49hJa:E956otoixk65wy3he47Ja
                                                                                                                                                                                                                                                  MD5:8794022B33D10839D107741A8FED0DF9
                                                                                                                                                                                                                                                  SHA1:1E7BF2800BFD99121061BDC50C722038833258D1
                                                                                                                                                                                                                                                  SHA-256:B9BA68FAE28CF4F9FF8794055948516469D2D981FBCD6AAFFF171AD9E1CC4CCD
                                                                                                                                                                                                                                                  SHA-512:E4C9AAB5A4A9B2FF0A5647BF6DC041F42F5D8C439B2682F219AB0DBB1D00215F8F5EAAA43A2FBC5697C116BDBB66EE680CFAB3D84A6E87868176F74F33C29EBA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351618627453072"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351618625947752","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351618627687435"},"uninstall_metrics":{"installation_date2":"1707145027","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"adf20a9c-1533-465c-81c2-9b40bcc52cae","client_id_timestamp":"1707145027","low_entropy_source2":81,"machine_id":478653,"sessio
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 32768.000000, slope 43.583313
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8388608
                                                                                                                                                                                                                                                  Entropy (8bit):0.10062094244293654
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:XHwFiTNTJqYgmq01MHhqtn/rBC2z3cTpoa:XHwF2gmqAZ/rBC2z3Kpoa
                                                                                                                                                                                                                                                  MD5:B254C48AFDF059EA90D653789433C559
                                                                                                                                                                                                                                                  SHA1:21385F8497E697D7F7060D53A52A821014BD9415
                                                                                                                                                                                                                                                  SHA-256:EED79FBAD9C8361B79FED2D80BFF0D9E63C5F55FEBAA01A21ACDDDC00FFF660B
                                                                                                                                                                                                                                                  SHA-512:315F479EB23FA9DEF2A9F33CDE6D06099D1F42EE460B5757CCEF5C28ACFEFF0EBA2D451EE53420C5B5D68A0B7AB46C0B06E4A47A8B82C918E492382162AAE717
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...@............C.].....@............... ....................... ...i.y.........BrowserMetrics......i.y..Yd.........A..................._..-....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....0...i.y.[".........................................i.y..Yd.`.......A....................O.`.....qH...#o........U.....U..qH...#o................UMA.CreatePersistentHistogram.Result....@...i.y.[".........................................................i.y.Pq.3.....R.........62.0.3202.94-devel".en-GB*...Windows NT..10.0.190452...x86_64..?......".P....$.. .......TLS13Variant....Experiment..............UKM.....Enabled..<..8.......BrowserScheduler....RedirectWithDefaultInitParams....(..$.......VideoCaptureService.....Enabled..,..(.......NetworkQualityEstimator.....Enabled.............QUIC....Enabled..$.. .......TokenBinding....TokenBinding.4..0.......NetDelayableH2AndQuicRequests.......Enabled3.(..$.......ThrottleDelayable.......Enabled..H..D.......SettingsEnfo
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1048576
                                                                                                                                                                                                                                                  Entropy (8bit):0.007525918861634288
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:bHixXAVMMOKEKSCemJKlkQPdl/JG89Hy3aJ0oMFgigpCbUyqpYJ0X:bYQOMzBS+Mk0/JvWoMeigp1yyYW
                                                                                                                                                                                                                                                  MD5:6FCF85BB744C90F434F8E77D359DD00C
                                                                                                                                                                                                                                                  SHA1:26755B437DC4B3CE7DBD26B56CD02C481ADE41C6
                                                                                                                                                                                                                                                  SHA-256:C52C8E71179A8FBD88359A8894EB514F9FFD5400AD46A94BD175872662BCD970
                                                                                                                                                                                                                                                  SHA-512:699848DB6A8A1E5CE02338C3AB248FD3B6C4D9185EF10AF472893ADF681AA89B1BCC526DD21200817E2C0CBC0589AA5196537B7126DB07506DA767E0BA0AAC1B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...@....................@...............h...................X... ...i.y.........CrashpadMetrics.....i.y..Yd. .......A.......e............,........5l.*...................5l.*.................UMA.PersistentAllocator.CrashpadMetrics.UsedPct.h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.`.......A....................O.`.....qH...#o.................qH...#o................UMA.CreatePersistentHistogram.Result....@...i.y.[".........................................................i.y..Yd........A...........................?....{.................@....{.................UMA.PersistentAllocator.CrashpadMetrics.Errors......i.y..Yd.0.......A...............8..._..-.....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".....................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                  Entropy (8bit):3.2454618442383203
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:FkWXl2kk6Ak:9Q6Ak
                                                                                                                                                                                                                                                  MD5:F9572D3E5986F412927C147976A585FC
                                                                                                                                                                                                                                                  SHA1:87FB5EB2E8C3C7C0FB5838A2DD58A342606E7F36
                                                                                                                                                                                                                                                  SHA-256:8FAD56A826439559FAC027A46282F4039F0FA1858DF39F0B4E936C5F9440C9B4
                                                                                                                                                                                                                                                  SHA-512:E8FA8C9CA65B544288800B28891DCE3E8C9B207ED0C38809C375A8101CFDAE455FC1EED36437BD3ED94C4AF0C0CE1545FF5F3B980E450FB87039116E1748352F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:sdPC....................r..\...I..{~f...
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):151668
                                                                                                                                                                                                                                                  Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                  MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                  SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                  SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                  SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4629
                                                                                                                                                                                                                                                  Entropy (8bit):5.509986780387926
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:i9viaTLCp05VFJkvoxnfhVuW7A5IOrMn3YPo0MG6+c:9lpgk8nuW+IOAn3go0iH
                                                                                                                                                                                                                                                  MD5:3737332F0F4EC417177F013FE01C2760
                                                                                                                                                                                                                                                  SHA1:6E74B618800D970D70E7E9440630DD2B16630D68
                                                                                                                                                                                                                                                  SHA-256:A119EB1A2FF59DFD60C6A87F4DE60449D8CF680349EF231E0587E012E7D5069B
                                                                                                                                                                                                                                                  SHA-512:91363629B5A52F0E3B3D7F59383094D34A4A251C74EBACE8AC59EF68000705EE2685C51907522FB82A8C4803BFEA82F3B2BACFDB636C4F5A1C4577E2ABB9B9BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["resourcesPrivate"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13351618627525878","location":5,"manifest":{"content_security_policy":"script-src 'self' blob: filesystem: chrome://resources; object-src * blob: externalfile: file: filesystem: data:; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name"
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):213
                                                                                                                                                                                                                                                  Entropy (8bit):4.812589275797678
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:Lt8tREFt7t7AhTG4yI4Qq2tet7t7AhXeLKI:OE3p7ITGLFKyp7IXeLKI
                                                                                                                                                                                                                                                  MD5:5B6AF6A25C541E47268167FBD999E60F
                                                                                                                                                                                                                                                  SHA1:6D7CC46543908952EEFAE026D64C6C10EBF3D088
                                                                                                                                                                                                                                                  SHA-256:481499EB3637F16A39D9596FC309071E830CA4185E8AA19A8AA4E699C3D9A88A
                                                                                                                                                                                                                                                  SHA-512:8913506EF4CE2CAF3540C6112491B05BA2898FDD7565E8F34DF9475ADE5463F1473A73EE741B7866F3CC3BE8454C6E4D029E9564AD3F502BCCDD3E8C401BAD03
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:....c...............Rnpaimmhhjcfhbdogdfcmlldgglpldhbm.declarative_rules.declarativeWebRequest.onRequest.[]x.\Bd...............Snpaimmhhjcfhbdogdfcmlldgglpldhbm.declarative_rules.declarativeContent.onPageChanged.[]
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):132
                                                                                                                                                                                                                                                  Entropy (8bit):5.255997294232271
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWo2WdFdtFNLKqFkPCHyg4E2J5ja5jm4E/9eaPrjWIV//Uv:pnFdd+q2PCHhJ2398aPrqIFUv
                                                                                                                                                                                                                                                  MD5:9C72939751F73053410339C673B0813D
                                                                                                                                                                                                                                                  SHA1:40E14C85674CFA5CBDE3B0BD18982E1A758E0D37
                                                                                                                                                                                                                                                  SHA-256:EC1FB0E07DF93E1A7A94316B1A86E0F5D564A44A7FA506FEE7E7975BCEABCCBE
                                                                                                                                                                                                                                                  SHA-512:06822502B060DD5110A2AE43B78A3E141BEFB32646848D4138BB2BDF95D13116999C341C88E89E1B7541742FECE0F238665AC7A68270BE96C3DE065894BEDCCB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:09.638 8088 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114
                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                                                                                                                                                                                                                  MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                                                                  SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                                                                  SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                                                                  SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):132
                                                                                                                                                                                                                                                  Entropy (8bit):5.16805706126286
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWonCIDKKqFkPCHyg4E2J5ja5jm4E/9et4wkvWIV//Uv:pCQq2PCHhJ2398NIFUv
                                                                                                                                                                                                                                                  MD5:01477E023577BA6845EF68E119808A71
                                                                                                                                                                                                                                                  SHA1:9CE884DB0332D6AB28602C66ED541DB7976D8242
                                                                                                                                                                                                                                                  SHA-256:6A473BBC1A1CB7288B87702FC70CC8CF23BE3D4F3F600F14EB4182069BB475EE
                                                                                                                                                                                                                                                  SHA-512:9D7EDD8DAD65B0E5990F8D1BB80AB20B878A30F0147FCBC0D169F5B4669EC59E048AAAE5A2B9236AEC4BF542D00230603E9A667CE6F529F0F2E7130E6BA88EBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:10.650 4320 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):0.6974106810185087
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:LLibxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:yBmw6fU1zBmI
                                                                                                                                                                                                                                                  MD5:6B273279290A7D8CC5C0D6B149AEF7B3
                                                                                                                                                                                                                                                  SHA1:B05EA3EC19517652200771C9C0D6E6D9B92DB4EC
                                                                                                                                                                                                                                                  SHA-256:6B791C5F30F02AF1AD68DB86A9BE193091FD4E274FE71ACB07AB70DF4DAF37E7
                                                                                                                                                                                                                                                  SHA-512:860B74B0B79EC7B246C119C6C93F1664D3D8487AEE6EDE255848A38AD9AC163DD2CD73F739D335863DDC661448E9B3F9F18465A9364C361EAA269B3216D3499B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .....................................................................................g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                  Entropy (8bit):9.629307656487099E-4
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:LsFl0liJK+llll:LsFKwDtl
                                                                                                                                                                                                                                                  MD5:41324C544C529CC3C54D0E326B445C3D
                                                                                                                                                                                                                                                  SHA1:FDF7DF8654D30553B04C44D70AA8831EE658BC4D
                                                                                                                                                                                                                                                  SHA-256:66AEED7EAC8CA8860E77DF18BC0DBD36A9B674C8A6E72DB7160B277738E018BD
                                                                                                                                                                                                                                                  SHA-512:18AD6DBD3DA32AA838F4F7498CF0B8DEC526EDEC5B278B55A127E4A21D751E339C8B97071AC8737488E15352C085938962B2966A932ACBFEA5DA6C796CC60A9C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):151668
                                                                                                                                                                                                                                                  Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                  MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                  SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                  SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                  SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 1, database pages 28, cookie 0x16, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                                                                                                  Entropy (8bit):0.4386208553966929
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:TNHC3BdjNPp+suktLReRK+nVaNU74ePLrL2Iua6maxNPM5ETQTcrQHIvYysX0jpi:R0dvUVaN+LrL2IlLvU+kYysX0j4t
                                                                                                                                                                                                                                                  MD5:96F006D0FEF18D0131B15F97CE6278E8
                                                                                                                                                                                                                                                  SHA1:13F03F472C0F17C82C0BE62E831E87D5CB6D5A2F
                                                                                                                                                                                                                                                  SHA-256:9871E1BF60DC1BA4D385737F94BC6A82521EF4826B8AB0C485DC96613C0D16BF
                                                                                                                                                                                                                                                  SHA-512:5509EB3A0F09B4EC26A6DBB552239A584F1480900E55304A15681E25CD23ED1AD1E8739ECAF61181605F1D3F9664C1876F1CF6F92346590002FCCC301F8FEF81
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                                                                                                  Entropy (8bit):0.21926292587422788
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:R4/lNlljq7A/mhWJFuQ3yy7IOWUQ4dweytllrE9SFcTp4AGeTuyOV9RUIV:R4k75fOK4d0Xi99pluy6H
                                                                                                                                                                                                                                                  MD5:2AF2A8AAA12EEE2C1A943194C5D57A3C
                                                                                                                                                                                                                                                  SHA1:095019FB2309BD215BDED90DA00F4CBA50FA68CA
                                                                                                                                                                                                                                                  SHA-256:1A6A3051A78E5321CF0C49626D7F9407B5BA04225F99A28F93C12DE01B364533
                                                                                                                                                                                                                                                  SHA-512:3C058BC8060E2CCEDDFBE4C6D85067DC19F13916B1B10CF980641001459394EDA484BB599F38E70F1621E1520096EE385E1244FF11C2F0B2BC579510E9944680
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):70
                                                                                                                                                                                                                                                  Entropy (8bit):4.692092175028856
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWoRSAFwDKKqFOMPHIrscWIV//Uv:pRHFIqTVIFUv
                                                                                                                                                                                                                                                  MD5:32844A273FC130A143AFD37AFE74E412
                                                                                                                                                                                                                                                  SHA1:7A082A8652E087F15C1D32C59778AE380E1F3A92
                                                                                                                                                                                                                                                  SHA-256:A5CD2C0EEA0CC563E6183F61C0813BC8C014AAF7A825C40A81752BD88D6595D1
                                                                                                                                                                                                                                                  SHA-512:FD747371D362E58AFF9DEA36E4DF7AA028795A9B021F22811E1B9B5D161E5D210411666E87E4AB4C977ED5C8B85BB67C50E6FA7C81403A66F964963FE90E64F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:13.203 4320 Reusing MANIFEST leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18432
                                                                                                                                                                                                                                                  Entropy (8bit):0.8485594039481521
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:LLilH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6UwcpYMQW:kz+JH3yJUheCVE9V8MX0PFlNU1uW
                                                                                                                                                                                                                                                  MD5:89D7B9AD36CA7345933C7E369BA0A5F4
                                                                                                                                                                                                                                                  SHA1:78F072D00227314570B0E0F721690856B4E2FB4F
                                                                                                                                                                                                                                                  SHA-256:2ADE5F90626DBC3BC778A35CE4B28B0DCB28F2852FBF7DCC15506E0501642F1A
                                                                                                                                                                                                                                                  SHA-512:3D25B83811B7875AF638B32A1A9664819718B1BB19D5FDCE5812360B5676FEB7DFB5DB33AF30371E3B7437FABCEB7779839456586662E62571CA5CA2450D55E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ .....................................................................................g.....:.3.E.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N...%..oindexstats_originstats.CREATE INDEX stats_origin ON stats(origin_domain).@......._tablestatsstats.CREATE TABLE stats (origin_domain VARCHAR NOT NULL, username_value VARCHAR, dismissal_count INTEGER, update_time INTEGER NOT NULL, UNIQUE
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1670
                                                                                                                                                                                                                                                  Entropy (8bit):4.835768693605416
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ycvi7qGoTwY6NW58cWpfceHQg4qoB9eSnqKzJR:nvFdt6NWVWSe2qoOvs
                                                                                                                                                                                                                                                  MD5:A0FF578510DE13C4CD5247B132D39652
                                                                                                                                                                                                                                                  SHA1:656183845507FF98BD32BAB663A74704BD52A7A4
                                                                                                                                                                                                                                                  SHA-256:1471311FB19132C685DEE65CFD277776D4D37DF3E873C2C427F29C21F14F7A65
                                                                                                                                                                                                                                                  SHA-512:45D4FEB7F9F8251C9FB13FDFAF0BE6495D50793DEB8598B90599B0AD598268B2CED76B45C9ED8FE02048C45737526838612FF549E7126520C6E064EE5DFDAB5A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351618627529821","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"qnlmEO0VOMpYbhqHjg/+5Q=="},"media":{"device_id_salt":"fSvB4NNFSVTm69QyqJh91g=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):162
                                                                                                                                                                                                                                                  Entropy (8bit):4.273886413532386
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:MVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgFL8CPAzkmM:KrsUpAQQgHGwB26MK8Sw06fXQmWtRAI+
                                                                                                                                                                                                                                                  MD5:44028E0E05F8498268AA16B5D1BF19FF
                                                                                                                                                                                                                                                  SHA1:1C241C407F2903727920B5069C4582F5D33369C8
                                                                                                                                                                                                                                                  SHA-256:2952D4AD35DC8E19F3D10CEFA90B832EB3923B88C472A22F6FD57D4A5CF84E74
                                                                                                                                                                                                                                                  SHA-512:A8F677CFB8EB25A8A8287AB2ADCF72932FF9AEBFC54EACF55034342BFFA10A212C487B11895C005605737569C24800F5EA82AA9A3FDAED10FD084E897A8FF2C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:nwjs settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through nwjs defined APIs.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4629
                                                                                                                                                                                                                                                  Entropy (8bit):5.509986780387926
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:i9viaTLCp05VFJkvoxnfhVuW7A5IOrMn3YPo0MG6+c:9lpgk8nuW+IOAn3go0iH
                                                                                                                                                                                                                                                  MD5:3737332F0F4EC417177F013FE01C2760
                                                                                                                                                                                                                                                  SHA1:6E74B618800D970D70E7E9440630DD2B16630D68
                                                                                                                                                                                                                                                  SHA-256:A119EB1A2FF59DFD60C6A87F4DE60449D8CF680349EF231E0587E012E7D5069B
                                                                                                                                                                                                                                                  SHA-512:91363629B5A52F0E3B3D7F59383094D34A4A251C74EBACE8AC59EF68000705EE2685C51907522FB82A8C4803BFEA82F3B2BACFDB636C4F5A1C4577E2ABB9B9BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["resourcesPrivate"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13351618627525878","location":5,"manifest":{"content_security_policy":"script-src 'self' blob: filesystem: chrome://resources; object-src * blob: externalfile: file: filesystem: data:; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name"
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46
                                                                                                                                                                                                                                                  Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                                                                  MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                                                  SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                                                  SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                                                  SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):134
                                                                                                                                                                                                                                                  Entropy (8bit):5.252636106555515
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWo4njaKKqFkPCHyg4E2J5ja5jm4E/rppwvWIV//Uv:pEyq2PCHhJ239pIFUv
                                                                                                                                                                                                                                                  MD5:0D39AAD536F7779FCA1FEB9D71CDB1A5
                                                                                                                                                                                                                                                  SHA1:D459A2FA34C9B83831719431532BEFFBF00664E4
                                                                                                                                                                                                                                                  SHA-256:72470F41238388731D7313BAC6E2ADB7AE65F57F9D675909C4BF427A5AC2A03A
                                                                                                                                                                                                                                                  SHA-512:AA1508D20F3890EF5C810AF75FFE8BFFC13BEC943718539BFDF9050FBAE30588C5634F53A6217322BEF4228B8D18CBC851CE0D266FDB1EA84FAAEAB21B9FA67A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:07.630 8092 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):127
                                                                                                                                                                                                                                                  Entropy (8bit):5.226961955717876
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWo4pbTDKKqFkPCHyg4E2J5ja5jm4E/sCA5WIV//Uv:pKNq2PCHhJ239kCAsIFUv
                                                                                                                                                                                                                                                  MD5:5DBE1628610BAB8570EF4DDA60E5B40A
                                                                                                                                                                                                                                                  SHA1:62E75A944DDCA66140C2D441202A73B189F039D8
                                                                                                                                                                                                                                                  SHA-256:674D40ADBA4ECA1FBBBF8763350D601C6F466915237178051F0A0A3899AD6867
                                                                                                                                                                                                                                                  SHA-512:59E7E9A811F3D3028D765B96349E9A18AE897709CD2F6EBBF05F847922458A84C5AE15BF0BB6AA470E48B382F96D80FD481A7D6494E22740895AC96F1740BDB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:07.844 4320 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Thumbnails/MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):0.6201952275968956
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:TLSHLO4rOTLSOEfnreNEFxOUwa5qguKoiZ75fOSBJ3IccogYccogfXvXXzfIKMrL:TLyG9MreNE6UwccKom5fBY4DQKM35Jz
                                                                                                                                                                                                                                                  MD5:165640B92879E3779FC2A5BDEAAB3F6D
                                                                                                                                                                                                                                                  SHA1:92FEEA5F2FE5E3F9FCC00CFA14257287E9247844
                                                                                                                                                                                                                                                  SHA-256:F42F29324F14D3C82764E35F59DB1C4D4B44E13DD841339478E9D0D4E702C5B2
                                                                                                                                                                                                                                                  SHA-512:39A314A2F4DE9ACE50674702333987C2A7E084AAB830C5B597C3F4FA4EE025576BC8890DC0574DB5429DBD050B3E3C6A8C44406096A373EB00A0C767ED1BC1DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):131072
                                                                                                                                                                                                                                                  Entropy (8bit):0.002110589502647469
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:ImtVonxCl:IiVonxCl
                                                                                                                                                                                                                                                  MD5:339243000378522DE1B3C0D6925E0A19
                                                                                                                                                                                                                                                  SHA1:E8C17F6D2FF2D4D30B0BD1E8038985B00CCB9093
                                                                                                                                                                                                                                                  SHA-256:D3B9D7F3332FE1DCC54923007D08AFCA5CAF5A0693159C6E8E75DE4F7F842F4C
                                                                                                                                                                                                                                                  SHA-512:017270502B3E6DABBD3BAEB36FAA89B85295B13CE603775D57F7F18CC8F66616710A892E51F7C8183B734B577CD3F3FF6C2AC1DD1D5FE63225CE6D27F837840A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28134
                                                                                                                                                                                                                                                  Entropy (8bit):4.854024708755535
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ORYXkYffbS9v8VxMWi2oSeoOPjir6Srsrj6wZRyukHVguPx7XHtc3ew7ywHo4Byz:ORsJ7S9tWih4uSYr2A8ucgoNc7Ff
                                                                                                                                                                                                                                                  MD5:4B50BD91DA81C0AEEDF9F767597DFF6F
                                                                                                                                                                                                                                                  SHA1:4699CAAA3127711A01FF1165C4C47672CC0659CB
                                                                                                                                                                                                                                                  SHA-256:4703EC4FCDB7AA85D20E0AFE0D40B894DEAE6FD7F37328C8FE8C60AD84C8322B
                                                                                                                                                                                                                                                  SHA-512:7782D2ECA391ABD552A0139EF482C98A25407C95A1281E962B531390ACCA80765C75A8B975A30E4DB94C52496C3321A7B40745D187CA802036CE9497252DC7D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28134
                                                                                                                                                                                                                                                  Entropy (8bit):4.854024708755535
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ORYXkYffbS9v8VxMWi2oSeoOPjir6Srsrj6wZRyukHVguPx7XHtc3ew7ywHo4Byz:ORsJ7S9tWih4uSYr2A8ucgoNc7Ff
                                                                                                                                                                                                                                                  MD5:4B50BD91DA81C0AEEDF9F767597DFF6F
                                                                                                                                                                                                                                                  SHA1:4699CAAA3127711A01FF1165C4C47672CC0659CB
                                                                                                                                                                                                                                                  SHA-256:4703EC4FCDB7AA85D20E0AFE0D40B894DEAE6FD7F37328C8FE8C60AD84C8322B
                                                                                                                                                                                                                                                  SHA-512:7782D2ECA391ABD552A0139EF482C98A25407C95A1281E962B531390ACCA80765C75A8B975A30E4DB94C52496C3321A7B40745D187CA802036CE9497252DC7D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.875
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:SN/8C8fd:+18d
                                                                                                                                                                                                                                                  MD5:C8EB2C4BEC8226D567DBE9DFB508DA7C
                                                                                                                                                                                                                                                  SHA1:B4089FB427D35068F8824AC78867FFAACA200DBE
                                                                                                                                                                                                                                                  SHA-256:768E68A4AD1333A64352F7199CBB54C5F797E70E4ACCDB86829EB98272603A23
                                                                                                                                                                                                                                                  SHA-512:5CBFE5915112A6DD803A63F42A34643A524FF7F3E7D8299636BA25F83228B7CECCDCADE9B82D0E2E5D9A96A401B857DE2B25F2468D8C418F577764F3BD02D688
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...b......Yt=W..
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, page size 2048, file counter 1, database pages 32, cookie 0x15, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                  Entropy (8bit):0.8591399539328934
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
                                                                                                                                                                                                                                                  MD5:E3A002935A782F75C8AC7F3F0505D7F2
                                                                                                                                                                                                                                                  SHA1:5EC603207A726EFA249B6EF575B2D03C64E928FD
                                                                                                                                                                                                                                                  SHA-256:912C041F1F45B8B817F94C84C15433A40463A8A56D6978CF08B7ED28996050A7
                                                                                                                                                                                                                                                  SHA-512:BEFDE36B695C065C46E10010E9CC0988A497BD53886EC7A76E9FF50321E54DA1DE16AC67F9522FF349D2BDEFED395083A2985D611DFAA8E869C3649F629030C2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1670
                                                                                                                                                                                                                                                  Entropy (8bit):4.835768693605416
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ycvi7qGoTwY6NW58cWpfceHQg4qoB9eSnqKzJR:nvFdt6NWVWSe2qoOvs
                                                                                                                                                                                                                                                  MD5:A0FF578510DE13C4CD5247B132D39652
                                                                                                                                                                                                                                                  SHA1:656183845507FF98BD32BAB663A74704BD52A7A4
                                                                                                                                                                                                                                                  SHA-256:1471311FB19132C685DEE65CFD277776D4D37DF3E873C2C427F29C21F14F7A65
                                                                                                                                                                                                                                                  SHA-512:45D4FEB7F9F8251C9FB13FDFAF0BE6495D50793DEB8598B90599B0AD598268B2CED76B45C9ED8FE02048C45737526838612FF549E7126520C6E064EE5DFDAB5A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351618627529821","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"qnlmEO0VOMpYbhqHjg/+5Q=="},"media":{"device_id_salt":"fSvB4NNFSVTm69QyqJh91g=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1708
                                                                                                                                                                                                                                                  Entropy (8bit):4.829788085415274
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ycvi7qGoTwY6NW58cWpfceHQg4qoB9eSnqKzJAOL:nvFdt6NWVWSe2qoOvW
                                                                                                                                                                                                                                                  MD5:3E6ECE34E92E90E14331F67108960A36
                                                                                                                                                                                                                                                  SHA1:25CFAC508949FA32104E01F7BFB9CBCC145D3FAB
                                                                                                                                                                                                                                                  SHA-256:850744630F7DB6F283817C1512FF21DFB6623A8EAA4FBAFC533013D525BC2AEB
                                                                                                                                                                                                                                                  SHA-512:64B5C659E8D220B9E3B2B0AFC2D34F3D646F876740C83A57AF4AA094EFB426A3273B5B6A80246EAEA41143EFD11097034F7139A12993B16D3F94BA1E1A85502E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13351618627529821","browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"data_reduction_lo_fi":{"load_images_requests_per_session":0,"load_images_snackbars_shown_per_session":0,"was_used_this_session":false},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"62.0.3202.94"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"invalidator":{"client_id":"qnlmEO0VOMpYbhqHjg/+5Q=="},"media":{"device_id_salt":"fSvB4NNFSVTm69QyqJh91g=="},"ntp":{"num_personal_suggestions":2},"partition":{"per_host_zoom_levels":{"x":{}}},"plugins":{"plugins_list":[]},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":26,"content_settings":{"domain_to_origin_migration_status":1,"exceptions":{"accessibility_events":{},"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"autoplay":{},"background_sync":{},"bluetooth_guard":{},"client_hints":{},"cookies":
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                                  MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                                  SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                                  SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                                  SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000002.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46
                                                                                                                                                                                                                                                  Entropy (8bit):4.311074184082723
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tR4OWo4pzRBASWFv:pK9BASg
                                                                                                                                                                                                                                                  MD5:521F0B868468869377611D90659CD091
                                                                                                                                                                                                                                                  SHA1:92127B0DD27DF87CB3F38E2C58416932138B5EF5
                                                                                                                                                                                                                                                  SHA-256:7FF14F9778A1DFE449CA7DFEC739AFA80D74F689A00FEA09B833DF786502CBD1
                                                                                                                                                                                                                                                  SHA-512:0F8C8003646CA53320E7D2BA8AC33501AF91F71EFA3F4A252D31C1B4712E533132CD5BCFF089B7C426E75ACC04CDA1975244BDD699D583E2DCF7BA1B52EB2079
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:2024/02/05-15:57:07.818 7464 Delete type=3 #1.
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:MPEG-4 LOAS
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):50
                                                                                                                                                                                                                                                  Entropy (8bit):4.948758439731456
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Ukk/vxQRDKIVqU0blS:oO7iblS
                                                                                                                                                                                                                                                  MD5:22BF0E81636B1B45051B138F48B3D148
                                                                                                                                                                                                                                                  SHA1:56755D203579AB356E5620CE7E85519AD69D614A
                                                                                                                                                                                                                                                  SHA-256:E292F241DAAFC3DF90F3E2D339C61C6E2787A0D0739AAC764E1EA9BB8544EE97
                                                                                                                                                                                                                                                  SHA-512:A4CF1F5C74E0DF85DDA8750BE9070E24E19B8BE15C6F22F0C234EF8423EF9CA3DB22BA9EF777D64C33E8FD49FADA6FCCA26C1A14BA18E8472370533A1C65D8D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:V........leveldb.BytewiseComparator...............
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3020000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):0.36180729043006593
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:TLldBgtBgJBgQjiZS53uQFE27MCgGZs5o:TJvg/gDgQjiZS0Qj7BgeAo
                                                                                                                                                                                                                                                  MD5:F88C6240452984BBA45F1B77B01FFFAC
                                                                                                                                                                                                                                                  SHA1:93CCD3DEAA9BD5BF073B978B2F5784DBB425D480
                                                                                                                                                                                                                                                  SHA-256:274B8CE48D0FBF149B5C7EB4AA94938978C4CD5A3346A290436B450601C672A9
                                                                                                                                                                                                                                                  SHA-512:B309F7058CD88DF7331370DC9F02ABAC62A8C98F64FF13A089DA4AC6702B6BB380029036B3C66B00ABD004102DEA4582731476CB72E9FD3BE2C8A197C9B41FE3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..................................................................................Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1699
                                                                                                                                                                                                                                                  Entropy (8bit):4.833464560523698
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YNow3p6otoiBH3UBaJ553S0fKche49hJa:E956otoixk65wy3he47Ja
                                                                                                                                                                                                                                                  MD5:8794022B33D10839D107741A8FED0DF9
                                                                                                                                                                                                                                                  SHA1:1E7BF2800BFD99121061BDC50C722038833258D1
                                                                                                                                                                                                                                                  SHA-256:B9BA68FAE28CF4F9FF8794055948516469D2D981FBCD6AAFFF171AD9E1CC4CCD
                                                                                                                                                                                                                                                  SHA-512:E4C9AAB5A4A9B2FF0A5647BF6DC041F42F5D8C439B2682F219AB0DBB1D00215F8F5EAAA43A2FBC5697C116BDBB66EE680CFAB3D84A6E87868176F74F33C29EBA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351618627453072"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351618625947752","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351618627687435"},"uninstall_metrics":{"installation_date2":"1707145027","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"adf20a9c-1533-465c-81c2-9b40bcc52cae","client_id_timestamp":"1707145027","low_entropy_source2":81,"machine_id":478653,"sessio
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1849
                                                                                                                                                                                                                                                  Entropy (8bit):4.850330625530663
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YLfiow3p6otoiBH3UBaJ553S0fKche49mJa:ifi956otoixk65wy3he40Ja
                                                                                                                                                                                                                                                  MD5:D5817B9613DB18B2600E2F42B12A4E76
                                                                                                                                                                                                                                                  SHA1:BF6070F6F23A97D7F9AA6A42389F984C5DD4C706
                                                                                                                                                                                                                                                  SHA-256:7CFF5299025CE6F6502F1BAB9A8BBBA9E98020BFE50A877C44183216C663B8B5
                                                                                                                                                                                                                                                  SHA-512:2B8092C68D6419BA9167822D6CE2404114D2A3B47237A52D327CF8DB0DDDDD48C84C6B95A4A22F630CBC32624E40701E5F8947AB5974A23AB8B6BFED09D6B25B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"password_manager":{"os_password_blank":true,"os_password_last_changed":"13351618668534573"},"policy":{"last_statistics_update":"13351618627453072"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351618625947752","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351618627687435"},"uninstall_metrics":{"installation_date2":"1707145027","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1756
                                                                                                                                                                                                                                                  Entropy (8bit):4.835040632400666
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YLfow3p6otoiBH3UBaJ553S0fKche49mJa:if956otoixk65wy3he40Ja
                                                                                                                                                                                                                                                  MD5:E7AC3F73BE634F87E94EC6B37E23D7FF
                                                                                                                                                                                                                                                  SHA1:05DFEAB55C749D7ED2909F1FDEA6A9D3F5BC5157
                                                                                                                                                                                                                                                  SHA-256:38A2A01037851756893D5619DA043DFF22C2A9D910E2F71BDF4F8F5321027C67
                                                                                                                                                                                                                                                  SHA-512:138C5530C265836F02F2CB1B9E9049011BA0887F69E657A7CD631291365ED5D3ADF37E5FC9753D423360FED2A1CE8FA086208BD1590206FA238DDB89909849FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"hardware_acceleration_mode_previous":true,"policy":{"last_statistics_update":"13351618627453072"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"gaia_id":"","is_ephemeral":false,"is_omitted_from_profile_list":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"","user_name":""}}},"shutdown":{"num_processes":0,"num_processes_slow":0,"type":0},"startup_metric":{"last_startup_timestamp":"13351618625947752","last_startup_version":"62.0.3202.94","same_version_startup_count":1},"subresource_filter":{"ruleset_version":{"content":"","format":0}},"tab_stats":{"last_daily_sample":"13351618627687435"},"uninstall_metrics":{"installation_date2":"1707145027","launch_count":"1","page_load_count":"2"},"user_experience_metrics":{"client_id2":"adf20a9c-1533-465c-81c2-9b40bcc52cae","client_id_timestamp":"1707145027","low_entropy_s
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3208568
                                                                                                                                                                                                                                                  Entropy (8bit):7.993984815619479
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:MGW8ag3duVxD/2/X0HRFVs746cLyl9bvrv:MGW8Vi/2P0Hm7LxHv
                                                                                                                                                                                                                                                  MD5:6ADC1C797360ABEE521CAC2019130184
                                                                                                                                                                                                                                                  SHA1:658DDE0E4189D365C32DBA73ACDC523B8A58E1C1
                                                                                                                                                                                                                                                  SHA-256:C9F73F363380BAFAFFF309DAE38CF6E56ABFED4B50732894D04CE01339821FCB
                                                                                                                                                                                                                                                  SHA-512:921D45AAAB38DA4D52E54D31C14BAE03D0EB2792BF047F7755E484EBF9F166ED43B4652C4E71192E60D5B6746EB24E6348EC520D507326897BA0F77EF0B83545
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j..........-5............@...................................1...@..............................................L............0.h)...........................................................................................text....h.......j.................. ..`.rdata...............n..............@..@.data...............................@....ndata...@...`...........................rsrc....L.......N..................@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55410880
                                                                                                                                                                                                                                                  Entropy (8bit):7.998952021709674
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1572864:Yq6r2jVe6d4iw4Gf+wznzARxcky/hCkpLvsxnfVXe503I:N6KjVxd40GfhzzARxckyZCCLANXe5qI
                                                                                                                                                                                                                                                  MD5:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                                  SHA1:E6BFBCD90FEF4918754393F02B8D9D5A30B3D260
                                                                                                                                                                                                                                                  SHA-256:94C3E4DB939C00F36DB55C752A7E452B8B76DA4752EA01491E2DE3FED2FE9C21
                                                                                                                                                                                                                                                  SHA-512:3332415DED6FD0C8358769A3639DA30CE1A2FC738E07222848064DBDD49834AD59E06F039D69DDAEAE732A2699EA037DA18C83C849EB64CDACA10340E1AC4492
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF.qv..RF..T@..RF.Rich.RF.........................PE..L...oy.V.................`...........1.......p....@...................................N......................................t......................8lM..............................................................p...............................text...<^.......`.................. ..`.rdata..j....p.......d..............@..@.data...8]...........x..............@....ndata...................................rsrc............ ...~..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55410880
                                                                                                                                                                                                                                                  Entropy (8bit):7.998952021709674
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1572864:Yq6r2jVe6d4iw4Gf+wznzARxcky/hCkpLvsxnfVXe503I:N6KjVxd40GfhzzARxckyZCCLANXe5qI
                                                                                                                                                                                                                                                  MD5:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                                  SHA1:E6BFBCD90FEF4918754393F02B8D9D5A30B3D260
                                                                                                                                                                                                                                                  SHA-256:94C3E4DB939C00F36DB55C752A7E452B8B76DA4752EA01491E2DE3FED2FE9C21
                                                                                                                                                                                                                                                  SHA-512:3332415DED6FD0C8358769A3639DA30CE1A2FC738E07222848064DBDD49834AD59E06F039D69DDAEAE732A2699EA037DA18C83C849EB64CDACA10340E1AC4492
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):144688
                                                                                                                                                                                                                                                  Entropy (8bit):6.667845757025275
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:4YRHFhhMmofU98VLVFqZ3/FnKk2vlQBOJ2LcjNal+laLMQ03hc3J2tjF6+hjIEKT:NRlhhMmh33NnaE6O0vF6wBYqW2popg4
                                                                                                                                                                                                                                                  MD5:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                                                                                  SHA1:51A619DDCB3661AA8675C2D7483840AC4F991746
                                                                                                                                                                                                                                                  SHA-256:FA159F50E67FB5829F0F2511E25111C719411E6B6152FEA97F3A296264C7D7A4
                                                                                                                                                                                                                                                  SHA-512:691090B54CE52D7E8BCFFF2711ADE7A6A8BB21B409358D7BFFC2053A53C116C7C22896F21BA36945A54F094D963CD9361A132D2E165365FE287C02F3C60356ED
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):2626
                                                                                                                                                                                                                                                  Entropy (8bit):5.183692267333622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UDcXK//6zXledsGZqdfb+pz3kELe9XwMZM6TPM9CW17TpwlQpTy7:QgoWGZPkELezy64/hTsv
                                                                                                                                                                                                                                                  MD5:BF72BF6380EA9D154058B995B502DC0C
                                                                                                                                                                                                                                                  SHA1:76C7BF836D19440FC0AB2330045FA265845EE281
                                                                                                                                                                                                                                                  SHA-256:7D3A13C4C5E1B218C2000D087617CF5FA976B21D2D6260B449B89586554FC6D0
                                                                                                                                                                                                                                                  SHA-512:AFF3EFF24F4B582A8F7478A1A56021FEF2DD79C828B29F4C62D92F90C98EF580227D5B54E148FD0402AF1512B321198ABA87576B69B9B673B2545DC7D95287C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:<Results>..<System>..<ComputerName>035347</ComputerName>..<Tool>..<Version>2.0.17a</Version>..<VersionDate>2016/5/01</VersionDate>..</Tool>..<RunTime>2024/02/05 14:56:53 GMT</RunTime>..<ProcessorTopology>..<Group Group="0" MaximumProcessors="2" ActiveProcessors="2" ActiveProcessorMask="0x3"/>..</ProcessorTopology>..</System>..<Profile>..<Progress>0</Progress>..<ResultFormat>xml</ResultFormat>..<Verbose>false</Verbose>..<TimeSpans>..<TimeSpan>..<CompletionRoutines>false</CompletionRoutines>..<MeasureLatency>false</MeasureLatency>..<CalculateIopsStdDev>false</CalculateIopsStdDev>..<DisableAffinity>false</DisableAffinity>..<Duration>10</Duration>..<Warmup>5</Warmup>..<Cooldown>0</Cooldown>..<ThreadCount>0</ThreadCount>..<IoBucketDuration>1000</IoBucketDuration>..<RandSeed>0</RandSeed>..<Targets>..<Target>..<Path>C:\Users\user\AppData\Local\Temp\testfile.temp</Path>..<BlockSize>4096</BlockSize>..<BaseFileOffset>0</BaseFileOffset>..<SequentialScan>false</SequentialScan>..<RandomAccess>fal
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                                                                                                  Entropy (8bit):5.668346578219837
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:VpOSdCjDyyvBwRlX+ODbswYM2s74NS0v0Ac9khYLMkIX0+Gzyekx:rdCjW/lX1PfYM2X1
                                                                                                                                                                                                                                                  MD5:92EC4DD8C0DDD8C4305AE1684AB65FB0
                                                                                                                                                                                                                                                  SHA1:D850013D582A62E502942F0DD282CC0C29C4310E
                                                                                                                                                                                                                                                  SHA-256:5520208A33E6409C129B4EA1270771F741D95AFE5B048C2A1E6A2CC2AD829934
                                                                                                                                                                                                                                                  SHA-512:581351AEF694F2489E1A0977EBCA55C4D7268CA167127CEFB217ED0D2098136C7EB433058469449F75BE82B8E5D484C9E7B6CF0B32535063709272D7810EC651
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                  Entropy (8bit):5.7433628862644
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Xv+cJZE61KRWJQO6tFiUdK7ckD4k7l1XRBm0w+NiHi1nSJ:Xf6rtFRdbQ1W+fn8
                                                                                                                                                                                                                                                  MD5:0FF5120F1AFD0F295C2BAA0F7192D3F8
                                                                                                                                                                                                                                                  SHA1:BDE842D5D11005DCB4FF1D4EA97DA31865477697
                                                                                                                                                                                                                                                  SHA-256:4CA5BF1BEB4B802914C4D3E2F37861F6BA5ECF969CFEADF5855EDF58F647A721
                                                                                                                                                                                                                                                  SHA-512:E049FFD7AACE8D136EEE007EE4F8DBC2AE8F3DCE79D1C633D9654392240F8215787DF8A6D08085257DB51F28FF2A8023A13333DDA3EA7F9BDC8B9C57B605F0A0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):118784
                                                                                                                                                                                                                                                  Entropy (8bit):6.425120053243541
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:1Gg42gDj3f6+qSunYP4rayTba/KgCNgKONMjv1c4EotCsWjcdofV/D8DE:JTgn3dwra0iK6YjvFEojofV/IDE
                                                                                                                                                                                                                                                  MD5:74C44D664457CEC263E2E2BC1C59CD7A
                                                                                                                                                                                                                                                  SHA1:3C30917C961042933911D796A18CE338C5960BF3
                                                                                                                                                                                                                                                  SHA-256:C2E0A3F3540E05FB36F1A17B0228FF4BA2C6BCEC89D9F806CD281C4D8D42161B
                                                                                                                                                                                                                                                  SHA-512:9C0483ACF134F6FD727E2F8BA536953A3515EC7C3518DFF58F50D92573F033D9E2FE9DA65A62B6B32ABE393F2F79F32F611F4AFA947FF4A37C08C07E00814497
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26494
                                                                                                                                                                                                                                                  Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                                                                                                  MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                                                  SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                                                  SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                                                  SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                  Entropy (8bit):5.052729239776183
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:FtJ6tC4jcY5rKhkfL9SYdKkcxM2DjDf3GEfKvBKav+Yx4BndY7ndS27gA:Fyj6QS8HREf+BYYxAdqn420
                                                                                                                                                                                                                                                  MD5:C4BE29CD82D2D02FABADB153C8A54846
                                                                                                                                                                                                                                                  SHA1:8E7DC6B67ECAB045C735715C2D4E524CA6E774A4
                                                                                                                                                                                                                                                  SHA-256:1D85D2A1216909905B095284894BFC54840C15E949B1BC8711734EEEA795A60F
                                                                                                                                                                                                                                                  SHA-512:7ED721125672765B3774FE512DFF2B6AB7017D75409E2218C54809FD91FC37FF9356C0C2E11F8F05AED0F3FC515B90299A8B98EF611AD575B080AF0A4716F237
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1110016
                                                                                                                                                                                                                                                  Entropy (8bit):6.62382554711905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:fRdJsAp4dXFcLBz75cwoCmJKHwe6VuoH9v0D/LF5mM6:fBsmyVS151oCmJKE1dv0DX
                                                                                                                                                                                                                                                  MD5:7B89329C6D8693FB2F6A4330100490A0
                                                                                                                                                                                                                                                  SHA1:851B605CDC1C390C4244DB56659B6B9AA8ABD22C
                                                                                                                                                                                                                                                  SHA-256:1620CDF739F459D1D83411F93648F29DCF947A910CC761E85AC79A69639D127D
                                                                                                                                                                                                                                                  SHA-512:AC07972987EE610A677EA049A8EC521A720F7352D8B93411A95FD4B35EC29BFD1D6CCF55B48F32CC84C3DCEEF05855F723A88708EB4CF23CAEC77E7F6596786A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                  Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                                                  MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                                  SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                                  SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                                  SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):39424
                                                                                                                                                                                                                                                  Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                                                                                                                                                  MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                                                  SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                                                  SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                                                  SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7168
                                                                                                                                                                                                                                                  Entropy (8bit):5.298362543684714
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
                                                                                                                                                                                                                                                  MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                                                                                                                                                                  SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                                                                                                                                                                  SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                                                                                                                                                                  SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7
                                                                                                                                                                                                                                                  Entropy (8bit):2.8073549220576046
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Ngn:Ng
                                                                                                                                                                                                                                                  MD5:C21F969B5F03D33D43E04F8F136E7682
                                                                                                                                                                                                                                                  SHA1:7505D64A54E061B7ACD54CCD58B49DC43500B635
                                                                                                                                                                                                                                                  SHA-256:37A8EEC1CE19687D132FE29051DCA629D164E2C4958BA141D5F4133A33F0688F
                                                                                                                                                                                                                                                  SHA-512:1625CDB75D25D9F699FD2779F44095B6E320767F606F095EB7EDAB5581E9E3441ADBB0D628832F7DC4574A77A382973CE22911B7E4DF2A9D2C693826BBD125BC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:default
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42
                                                                                                                                                                                                                                                  Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                  MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                  SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                  SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                  SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                  Entropy (8bit):2.4688702187432865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:nVUdvGt1U:Zte
                                                                                                                                                                                                                                                  MD5:86CF4BCCD386456CA8091DEC847A0AD1
                                                                                                                                                                                                                                                  SHA1:F6E3A73D7A1284A46E62EDCEBC7351FF6854CF65
                                                                                                                                                                                                                                                  SHA-256:002A1BEFFB815578D1551DF0D56F2153EAFDE7DCE1902FB3328421242726C19B
                                                                                                                                                                                                                                                  SHA-512:620FACF072B2BF312180A0A5A48BF5688F9D53AD4699B5D676E041C4840082A87F5AD7DD82C216F1B5136FA1AF89EFF7FAEAEFED0F20547355B057A3DE4C61B7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:0,0,0,1,2,64,2,5,256,1,2,64,1
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\diskspd.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):104857600
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:2F282B84E7E608D5852449ED940BFC51
                                                                                                                                                                                                                                                  SHA1:2C2CECCB5EC5574F791D45B63C940CFF20550F9A
                                                                                                                                                                                                                                                  SHA-256:20492A4D0D84F8BEB1767F6616229F85D44C2827B64BDBFB260EE12FA1109E0E
                                                                                                                                                                                                                                                  SHA-512:2798503C2C7B718799324122137BF30A562AAD1BC04BBF343DAAD225A5FD0D1FD5D269843A01AB00D4F8D8C5AB34F8956065F9831EF7459E9C487E895099E956
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 13:56:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2677
                                                                                                                                                                                                                                                  Entropy (8bit):3.9818252798821567
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:B7042D835E70C86A58C3E82452375358
                                                                                                                                                                                                                                                  SHA1:691CA227CE8AB3FE71E33EC014C98C1B2E9C7504
                                                                                                                                                                                                                                                  SHA-256:EDB967AAD58CFB47D7F29DEB28DA917421E5A6920E22E1F6321EC3BD04A6A375
                                                                                                                                                                                                                                                  SHA-512:FB394FE6A03A433A37A7BA316A778659906E7A804A017978CC7FA86C4577B41205AE7E3A0DE6BA3CDFE904DA73631552A5D06B9629B91A1610D5DBD1FE97E7B4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 13:56:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2679
                                                                                                                                                                                                                                                  Entropy (8bit):3.9983283453357013
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:8B10BA58F01FD6561162B58B080853E0
                                                                                                                                                                                                                                                  SHA1:BB0A9F6B469E9471FE5987DE07AC715C77C3D035
                                                                                                                                                                                                                                                  SHA-256:B6DE5E5D9002184A311BD9C2FD9464A293B6C1E243BEF994AE347B9639505D5B
                                                                                                                                                                                                                                                  SHA-512:001C41FB2C58992EF7DADE40DA3A87A0D25F6D425E748F06B2B0F43093963B1A96D1AA89539B5382CAF079288AA6C6916F5779A5005AE9020D671FC498FE28A4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2693
                                                                                                                                                                                                                                                  Entropy (8bit):4.008740665618333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:76FB22B030B19E4E237F72C13B3ED93C
                                                                                                                                                                                                                                                  SHA1:33A6BE3A7ABBA2F37215EC6A23272A1CB467EE89
                                                                                                                                                                                                                                                  SHA-256:C4AC4CF700CE5DC7DA79F7F2C09C45A0B40F9BB760389AD0F7C5363805A6A3DE
                                                                                                                                                                                                                                                  SHA-512:F30A09444A1F4F42945FE99C1A1E8DD5EF9CBFFDC9744542BB2FEF7ACC7BA732D10BF28DCE6AC91745B8B45C47DF19E20263C14DD91553B886755F89015F957C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 13:56:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                  Entropy (8bit):3.9939911983582204
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:196D7108A3DDE01BC2810D3F0AECDF5E
                                                                                                                                                                                                                                                  SHA1:EDBCBF678302E1723E62ACF8AFF6EC3DCB95B143
                                                                                                                                                                                                                                                  SHA-256:82FAA13AF360357897E521701897B68DA2C09F910E2041C8E98CB66BE2F29894
                                                                                                                                                                                                                                                  SHA-512:D9133371A80FE8CD8FC07B46A0073BABA9377F1566C61B7EF78F2CD30E50B6C0185EBDFE670CB781621962B6A318C86FC877D62EB5A32EE87329A3D3A570C52F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 13:56:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                  Entropy (8bit):3.985649070147297
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:AA74405F28427474B3C77ACD835AAA59
                                                                                                                                                                                                                                                  SHA1:907A16D300DC64AE25BDE829287F902052132E68
                                                                                                                                                                                                                                                  SHA-256:C2D0036856F725B485803C2D63724AB3C1E4BF0EC6CA365A50E96AFE4DFEFC96
                                                                                                                                                                                                                                                  SHA-512:BD0A49040A8E60AEC12A1BEDA3700DA3D24C5CEAAE0530AFF1AD507832B3845A35D977BC9E50EE149B883D2A2E4E6EF4BBD87349548AD8994F174CCA16B5D05B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Feb 5 13:56:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2683
                                                                                                                                                                                                                                                  Entropy (8bit):3.9951067572530414
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:1A8FF19347B00B702C17CBE266B5C271
                                                                                                                                                                                                                                                  SHA1:331612F7E2DE661DD0898DAB656287D8E2B30371
                                                                                                                                                                                                                                                  SHA-256:48396118FB77246E659FB8EBFC887DC842D716345004BF33825DB681339066D0
                                                                                                                                                                                                                                                  SHA-512:EBEEE8EB1A5E5D7850F621FBFEF86B662746F84FA4A1454674220CC346C45DCBAB81E6B9BD9F5B23A587E1A6D2AFFE38E0A3DC2DCB444D2FB560AB393D1865D3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Nov 17 09:35:18 2023, mtime=Mon Feb 5 13:57:03 2024, atime=Fri Nov 17 09:35:18 2023, length=1983320, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1938
                                                                                                                                                                                                                                                  Entropy (8bit):3.2343590681939465
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:2E58B280A0A8C7A06911FC7A7EC51768
                                                                                                                                                                                                                                                  SHA1:796B60479542DE5B6194F7990F715DA64914653D
                                                                                                                                                                                                                                                  SHA-256:3E99139D89E1935D8A34CEC75A17155BCD32BEC63E04028BCE64D47DB0D184C4
                                                                                                                                                                                                                                                  SHA-512:F94FA0A092FFD1282EA61C35824AC9D0DA7EC87DB46AAF06B6E1E08541CD0C8A58C3BCB1A33E473BF082396BC72C146A1D10C873F698AC7658CE4CFF21E292A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Feb 5 13:57:03 2024, mtime=Mon Feb 5 13:57:03 2024, atime=Mon Feb 5 13:57:03 2024, length=475630, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1984
                                                                                                                                                                                                                                                  Entropy (8bit):3.3372049358094085
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:2B1F3740667BC25DAAF91DD930652CBF
                                                                                                                                                                                                                                                  SHA1:C9E1203DE71E5935BCB0DB3AF55D50AF88766959
                                                                                                                                                                                                                                                  SHA-256:E176D7D92906A0FEBF577E9EF79DBEB3BD8BA2422A908B15F3F15D2F30CE8ACA
                                                                                                                                                                                                                                                  SHA-512:F5C68E9D86F793EAC5ABB657D7CE8F4D0437F139B59D0159C2EE69C56FB1D1462672427221009304ADF216AC1161994C514E284B749EE848C79452CEFED2488F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 17 09:35:18 2023, mtime=Mon Feb 5 13:56:57 2024, atime=Fri Nov 17 09:35:18 2023, length=1983320, window=hide
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1036
                                                                                                                                                                                                                                                  Entropy (8bit):4.6216916351967186
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:81407889AB5EAB6091C7CD84604DD51D
                                                                                                                                                                                                                                                  SHA1:3701DB9E49443C5449859B9372DABEB04A503BF0
                                                                                                                                                                                                                                                  SHA-256:5FE42663AE03AAA894540C85BF674D262956EB689C29E5B606A3F97F997B37B9
                                                                                                                                                                                                                                                  SHA-512:20461C5D959EB15DCF789F998FE8877C5B953B72C632AE55A18420B249CEC3A99D2FD7F996EC2E06C10CA35F54B7FBEA97875B48F97D4469CF65A7A014D36799
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1632)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):5776
                                                                                                                                                                                                                                                  Entropy (8bit):5.406231475448828
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:EED76F35E91F6AA4CC81975B39DBE5F8
                                                                                                                                                                                                                                                  SHA1:F3621A40F3CA29EC20751427841051450494B2DD
                                                                                                                                                                                                                                                  SHA-256:C3C96CCEAFDE14A4669C2114EE0D10BCE6EC0163064151A98824A2575D97EAF7
                                                                                                                                                                                                                                                  SHA-512:3B67D03351DA819A09C0AB16C549ABA5BF33897C7E50DC96B8436BCD97DF3421D82FF0F758FC276AB25A7569468450994F83A947306AB363821D27AD7B615C69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://fonts.googleapis.com/css?family=Open%20Sans
                                                                                                                                                                                                                                                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-fa
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (64347)
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):218853
                                                                                                                                                                                                                                                  Entropy (8bit):5.455756769800765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:26A729125E52380427FD951672D039D4
                                                                                                                                                                                                                                                  SHA1:AD8C3433BBFB0B5611404E597717A5C21C4247AE
                                                                                                                                                                                                                                                  SHA-256:22CF1BABA55ECED80D7EBB0DE51FC8961757EF581964F8E10EBC8676399EBA81
                                                                                                                                                                                                                                                  SHA-512:19EFB34CAEC308513BFE7A091434DA1AF8906C2C9D5A1F94CDC3CB78A0DE87DD012A70433294AFE25F50A77080E194CF85CEF42717BDBDAF30FA975A392DAF8E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://connect.facebook.net/en_US/fbevents.js
                                                                                                                                                                                                                                                  Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):675
                                                                                                                                                                                                                                                  Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                                  SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                                  SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                                  SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):675
                                                                                                                                                                                                                                                  Entropy (8bit):7.606800268124855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                                                                                  SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                                                                                  SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                                                                                  SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://repository.pcapp.store/pcapp/images/fast.png
                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  File Type:Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                  Size (bytes):18668
                                                                                                                                                                                                                                                  Entropy (8bit):7.988119248989337
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                  MD5:8655D20BBCC8CDBFAB17B6BE6CF55DF3
                                                                                                                                                                                                                                                  SHA1:90EDBFA9A7DABB185487B4774076F82EB6412270
                                                                                                                                                                                                                                                  SHA-256:E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
                                                                                                                                                                                                                                                  SHA-512:47308DE25BD7E4CA27F59A2AE681BA64393FE4070E730C1F00C4053BAC956A9B4F7C0763C04145BC50A5F91C12A0BF80BDD4B03EECC2036CD56B2DB31494CBAF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  URL:https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Entropy (8bit):7.693469005681391
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                  File name:Setup (1).exe
                                                                                                                                                                                                                                                  File size:142'536 bytes
                                                                                                                                                                                                                                                  MD5:ec427b1bf867dc6fdfdfc2b5219f44de
                                                                                                                                                                                                                                                  SHA1:d23dfcbd02089bc6f13db8dd4cf1f9c5a085d275
                                                                                                                                                                                                                                                  SHA256:9b1d8b1bafd4f496de3e996dc6778ff0c75f37f2e5eaa5a60049d7c8338e7ef5
                                                                                                                                                                                                                                                  SHA512:46b8c187ce0ad0a1e8f99703444b7c0494aaab1d2b275de5d655f01e237a5af7b35399ca70f21dc51db875066ddc7f347dfa3864a8f2bc1970ff56ce8ff3840c
                                                                                                                                                                                                                                                  SSDEEP:3072:tqRaMrUwmuvDWLcKKDiH699VrvaaabJb1TYwC6+5WulEG1Uu:tnx13KeH69nrvaa6TYo+5WoEKU
                                                                                                                                                                                                                                                  TLSH:19D3DF86279845B3FA8175F03967DF2BFA764E4374610A8387727DA36971283CD0A21F
                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...oy.V.................`.........
                                                                                                                                                                                                                                                  Icon Hash:60d81b192413490d
                                                                                                                                                                                                                                                  Entrypoint:0x40310d
                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x567F796F [Sun Dec 27 05:38:55 2015 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                  Import Hash:29b61e5a552b3a9bc00953de1c93be41
                                                                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                                                                  Signature Issuer:CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
                                                                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                  Error Number:0
Not Before:21/03/2020 22:24:45
Not After:20/05/2021 17:51:43
                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                  • CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Kfar Saba, C=IL
                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                  Thumbprint MD5:609182DDEB26105E8E32FEBE91ED5B11
                                                                                                                                                                                                                                                  Thumbprint SHA-1:930C9C4D910DB2B8522BC4E18CF70C7C1A5B3927
                                                                                                                                                                                                                                                  Thumbprint SHA-256:26A9AD0DA011EFDFFD745BA4644737331414260B452AF58EE8F4BB7AE5342E8A
                                                                                                                                                                                                                                                  Serial:00D6A5C821A6FB7C3C
Instruction
sub esp, 00000180h
push ebx
push ebp
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+1Ch], ebx
mov dword ptr [esp+14h], 00409188h
xor esi, esi
mov byte ptr [esp+18h], 00000020h
call dword ptr [004070B4h]
call dword ptr [004070B0h]
cmp ax, 00000006h
je 00007F329D4B83F3h
push ebx
call 00007F329D4BB1C9h
cmp eax, ebx
je 00007F329D4B83E9h
push 00000C00h
call eax
push 0040917Ch
call 00007F329D4BB14Ah
push 00409174h
call 00007F329D4BB140h
push 00409168h
call 00007F329D4BB136h
push 0000000Dh
call 00007F329D4BB199h
push 0000000Bh
call 00007F329D4BB192h
mov dword ptr [0042EC44h], eax
call dword ptr [00407034h]
push ebx
call dword ptr [00407270h]
mov dword ptr [0042ECF8h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 00000160h
push eax
push ebx
push 00429078h
call dword ptr [00407160h]
push 0040915Ch
push 0042E440h
call 00007F329D4BADC9h
call dword ptr [004070ACh]
mov ebp, 00434000h
push eax
push ebp
call 00007F329D4BADB7h
push ebx
call dword ptr [00407144h]
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74d8 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f000 | 0x1f78 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1f610 | 0x36b8 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x280 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e3c | 0x6000 | 1a13b408c917b27c9106545148d3b8d3 | False | 0.6686197916666666 | data | 6.432295288512854 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x126a | 0x1400 | 921acf8cb0aea87c0603fa899765fcc2 | False | 0.43359375 | data | 5.00588726544978 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x25d38 | 0x600 | 797517c6ef57aa95d53df2cf07568953 | False | 0.474609375 | data | 4.291756049727371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2f000 | 0x10000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3f000 | 0x1f78 | 0x2000 | 8ee48031ec18cba37f9a5079c63bfdbd | False | 0.2716064453125 | data | 4.3798911673501575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3f1f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.15478424015009382
RT_ICON | 0x40298 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3953900709219858
RT_DIALOG | 0x40700 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x40908 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x40a00 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x40aa0 | 0xee | data | English | United States | 0.6260504201680672
RT_GROUP_ICON | 0x40b90 | 0x22 | data | English | United States | 1.0
RT_MANIFEST | 0x40bb8 | 0x3be | XML 1.0 document, ASCII text, with very long lines (958), with no line terminators | English | United States | 0.5187891440501043
DLL | Import
KERNEL32.dll | SetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, CreateDirectoryA, lstrcmpiA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, GetWindowsDirectoryA, GetTempPathA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
USER32.dll | GetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.762170076 CET49709443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.766580105 CET49709443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.813911915 CET44349709161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.918834925 CET44349709161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.918909073 CET44349709161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.918924093 CET49709443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.918963909 CET49709443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.927012920 CET49709443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:15.927033901 CET44349709161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819170952 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819210052 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819278002 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819552898 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819566011 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819931984 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819940090 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.819993019 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.820188046 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.820199966 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.857244015 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.857270002 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.857342958 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.860367060 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.860394955 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.860450983 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.861058950 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.861076117 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.861361027 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:20.861373901 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.057468891 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.057745934 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.057754993 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.059206963 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.059267998 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060403109 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060534000 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060605049 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060733080 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060739994 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060973883 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.060983896 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.061302900 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.061368942 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.062428951 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.062500954 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.064055920 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.064160109 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.064188957 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.107697010 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.107777119 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.107784033 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.122658014 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.123106956 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.123116970 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.124505997 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.124593973 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.124644041 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.126873016 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.126883984 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.127278090 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.127340078 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.127646923 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.127652884 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.129051924 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.129117012 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.129443884 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.129581928 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.154270887 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.169583082 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.169620037 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.169627905 CET44349713161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.216660976 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.266558886 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.266755104 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.266835928 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.269330978 CET49711443192.168.2.874.125.138.113
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.269349098 CET4434971174.125.138.113192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.272306919 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.272397995 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.272408009 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.272479057 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.272536039 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.275084972 CET49712443192.168.2.874.125.136.84
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.275094032 CET4434971274.125.136.84192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.378942966 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.379034042 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.379086018 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.379479885 CET49714443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.379492998 CET44349714161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:21.406243086 CET49713443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.758924007 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.758932114 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.758949995 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.758963108 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759001017 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759028912 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759042025 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759073019 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759097099 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759102106 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.759126902 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.808506012 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.862282038 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.862293005 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.862350941 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.866561890 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.866576910 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881057978 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881097078 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881114006 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881124020 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881177902 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881187916 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881202936 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881222963 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881226063 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881239891 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881253958 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.881288052 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.887101889 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.887126923 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.887170076 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.887177944 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.887221098 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896143913 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896205902 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896213055 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896238089 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896291018 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896437883 CET49721443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.896451950 CET44349721161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.905930042 CET44349723161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.906008005 CET49723443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.906009912 CET44349723161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.906079054 CET49723443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.983232975 CET49723443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:22.983268023 CET44349723161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.124872923 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.125119925 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.125143051 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.126192093 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.126245975 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.127350092 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.127403975 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.127518892 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.127526045 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.167531967 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.290431976 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.290452003 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.290535927 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.291258097 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.291270971 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.365287066 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.365957975 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.366116047 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.367360115 CET49725443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.367372036 CET4434972537.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.391084909 CET49729443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.391114950 CET44349729161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.391165972 CET49729443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.391423941 CET49729443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.391436100 CET44349729161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.541424990 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.541498899 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.549896002 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.549901962 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.550214052 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.550350904 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.550736904 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.593895912 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.598239899 CET49730443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.598267078 CET4434973037.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.598328114 CET49730443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.598740101 CET49730443192.168.2.837.19.206.5
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.598751068 CET4434973037.19.206.5192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.619899988 CET4434970823.206.229.226192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.619985104 CET49708443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.634730101 CET44349729161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.635004044 CET49729443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:23.635013103 CET44349729161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.271121979 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.271128893 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.271166086 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281153917 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281172037 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281229019 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281235933 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281266928 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.281281948 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.292346001 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.292376995 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.292437077 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.292444944 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.292476892 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.296251059 CET44349732161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.297161102 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.297183990 CET44349732161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.298266888 CET44349732161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.298346043 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.298643112 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.298705101 CET44349732161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.298778057 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.301310062 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.301328897 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.301403046 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.301412106 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.304910898 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.311124086 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.311144114 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.311220884 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.311228037 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.311260939 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.319062948 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.319084883 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.319166899 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.319174051 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.324911118 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327807903 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327827930 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327893019 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327898979 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327935934 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.327953100 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.335032940 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.335057020 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.335155010 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.335161924 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.335196972 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.340229988 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.340251923 CET44349732161.35.127.181192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.342885017 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.342909098 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.342962027 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.342967033 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.343017101 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.349355936 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.349381924 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.349433899 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.349440098 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.349481106 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.355496883 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.355516911 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.355573893 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.355581045 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.355609894 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.362392902 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.362415075 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.362500906 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.362507105 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.362554073 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.368050098 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.368065119 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.368149996 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.368154049 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.368891001 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.374418974 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.374435902 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.374490976 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.374495983 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.374551058 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.379664898 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.379684925 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.379748106 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.379753113 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.379796982 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.385492086 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.385509968 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.385596991 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.385603905 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.386023045 CET49732443192.168.2.8161.35.127.181
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.474988937 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.477849960 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.477865934 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.477941990 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.477946997 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.478212118 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.481048107 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.481064081 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.481122971 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.481127977 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.481425047 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.483964920 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.483978987 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.484044075 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.484049082 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.484214067 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487668037 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487692118 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487740993 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487745047 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487773895 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.487783909 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.490406990 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.490422964 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.490494013 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.490499973 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.490784883 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.493098974 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.493114948 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.493191004 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.493196964 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.493240118 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.495853901 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.495871067 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.495949984 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.495954990 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.496011972 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.498495102 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.498511076 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.498575926 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.498580933 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.498698950 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.501899004 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.501914978 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.501972914 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.501977921 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.502229929 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.504699945 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.504714012 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.504770041 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.504774094 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.504884005 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.506931067 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.506946087 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.506999016 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.507003069 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.507230997 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.509560108 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.509574890 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.509629965 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.509634018 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.509844065 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.511811972 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.511827946 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.511904001 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.511908054 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.511945963 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.514940977 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.514961004 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.515003920 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.515008926 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.515033007 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.515052080 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.516951084 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.516966105 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.517028093 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.517033100 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.517256021 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.519813061 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.519828081 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.519890070 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.519895077 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.520109892 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.521728992 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.521744013 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.521799088 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.521804094 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.522020102 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.524492979 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.524507999 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.567389011 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.567395926 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.567419052 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.567430019 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.569123983 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.569139957 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.569200039 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.569205046 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.569443941 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570794106 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570808887 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570856094 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570859909 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570888042 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.570902109 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.572638988 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.572654009 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.572725058 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.572730064 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.572882891 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.574644089 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.574659109 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.574723005 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.574727058 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576436043 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576459885 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576514006 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576518059 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576545000 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.576592922 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.577986956 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.578002930 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.578067064 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.578073025 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.578107119 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.579981089 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.579999924 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580065012 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580070972 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580107927 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580116987 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580842018 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580869913 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580909967 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580916882 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.580950975 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.582591057 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.582612038 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.582680941 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.582688093 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584081888 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584110022 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584161997 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584167957 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584197044 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.584223032 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.585916042 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.585937023 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.585999012 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.586005926 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.586019993 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.586033106 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.587565899 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.587589025 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.587634087 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.587640047 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.587673903 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589312077 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589329004 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589387894 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589392900 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589417934 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.589433908 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.590538025 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.590558052 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.590621948 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.590627909 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.590666056 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.592433929 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.592456102 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.592514992 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.592519999 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.592556000 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.594310045 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.594330072 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.594402075 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.594407082 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.594511986 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.595242977 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.595261097 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.629951954 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.629966021 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.630925894 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.630940914 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.630985975 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.630990028 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.631228924 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632718086 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632736921 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632776022 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632781029 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632798910 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.632812977 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.633934975 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.633950949 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.633996964 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.634001017 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.634248972 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635010958 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635025978 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635072947 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635076046 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635349035 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.635993004 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.636007071 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.636054039 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.636058092 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.636307955 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.637773991 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.637789011 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.637834072 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.637837887 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.638088942 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.638745070 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.638758898 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.638803959 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.638808966 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639072895 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639662981 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639678001 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639733076 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639735937 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.639996052 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.640657902 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.640674114 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.640758038 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.640763998 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.640880108 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.642319918 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.642335892 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.642381907 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.642385960 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.642630100 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.643384933 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.643397093 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.643439054 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.643443108 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.643671989 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.644229889 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.644243956 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.644298077 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.644309044 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.644539118 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.645520926 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.645534992 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.645581007 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.645585060 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.645836115 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.646430016 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.646445036 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.646490097 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.646493912 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.646744013 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.647667885 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.647681952 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.647726059 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.647730112 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.647977114 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649158955 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649179935 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649224043 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649228096 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649491072 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649929047 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649946928 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649991035 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.649996042 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.650238991 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.651468039 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.651483059 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.673921108 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674793005 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674807072 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674844980 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674848080 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674871922 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.674887896 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.675740004 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.675753117 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.675791979 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.675796032 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.676688910 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.676706076 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.676747084 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.676750898 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.676871061 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.677467108 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.677479982 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.677517891 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.677521944 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678411007 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678426981 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678459883 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678472042 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678483963 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.678500891 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.679364920 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.679378033 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.679419994 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.679424047 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.679456949 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.680265903 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.680283070 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.680325031 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.680329084 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.680582047 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.681560040 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.681576014 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.681617975 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.681622982 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.681651115 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682477951 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682492971 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682544947 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682549000 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682576895 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.682591915 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683425903 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683440924 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683475018 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683479071 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683504105 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.683520079 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684367895 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684381962 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684412956 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684417009 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684442043 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.684457064 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685259104 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685275078 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685313940 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685317993 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685345888 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685359955 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685878992 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685902119 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685950041 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685955048 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.685986042 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.686000109 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.686969995 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.686986923 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687025070 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687028885 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687052011 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687067986 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687788963 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687804937 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687860966 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.687865019 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688781023 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688800097 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688838959 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688844919 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688874006 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.688893080 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.689416885 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.689435005 CET4434972889.187.173.22192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.689486980 CET49728443192.168.2.889.187.173.22
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.858467102 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.858486891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.858551979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.858577013 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.858618021 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.875047922 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.875070095 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.875173092 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.875185013 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.875226021 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887609959 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887693882 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887739897 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887756109 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887777090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.887809038 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902038097 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902070999 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902121067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902132988 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902163029 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.902184010 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915263891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915291071 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915337086 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915353060 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915376902 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.915396929 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.927499056 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.927520990 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.927613974 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.927624941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.927670002 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.939304113 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.939331055 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.939431906 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.939443111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.939518929 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.949700117 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.949721098 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.949809074 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.949817896 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.949861050 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.959112883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.959132910 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.959252119 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.959275961 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.959317923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.967518091 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.967539072 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.967628956 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.967644930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.967713118 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.976433992 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.976455927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.976526022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.976536036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.976589918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.984282970 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.984317064 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.984388113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.984397888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.984443903 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992630005 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992650986 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992692947 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992702961 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992717981 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:25.992748022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.001404047 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.001425028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.001501083 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.001512051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.001554012 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009227037 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009248018 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009299040 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009330988 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009345055 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.009366035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.016288042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.016309977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.016410112 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.016419888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.016459942 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.023653030 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.023677111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.023753881 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.023768902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.023809910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.030651093 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.122450113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.122471094 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.122502089 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.122524023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.125911951 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.125933886 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.126039982 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.126066923 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.126110077 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129388094 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129412889 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129462004 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129482985 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129502058 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.129532099 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.132426023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.132457972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.132498026 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.132508039 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.132549047 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135543108 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135562897 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135637045 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135649920 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135665894 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.135688066 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.138834000 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.138856888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.138935089 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.138947010 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.138994932 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142482996 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142503023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142723083 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142723083 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142736912 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.142792940 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.144977093 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.144998074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.145062923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.145072937 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.145116091 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148868084 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148890972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148941040 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148951054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148964882 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.148998022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151851892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151874065 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151932001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151942015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151977062 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.151990891 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.154661894 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.154680967 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.154767036 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.154778004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.154819965 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.157519102 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.157537937 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.157604933 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.157617092 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.157658100 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160197973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160233974 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160281897 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160291910 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160305977 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.160337925 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.161149025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.161205053 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.162190914 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.162246943 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164793015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164813042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164861917 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164875031 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164890051 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.164918900 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167360067 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167378902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167418957 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167433023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167447090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.167478085 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.169905901 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.169926882 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.169996023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.170006037 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.170021057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.219022036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.219068050 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.219077110 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.219099045 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.219136953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.221669912 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.221688986 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.221726894 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.221735001 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.221776009 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.223347902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.223370075 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.223428011 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.223434925 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.223465919 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224708080 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224735022 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224765062 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224772930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224801064 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.224829912 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226425886 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226450920 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226492882 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226500034 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226527929 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.226572037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.228869915 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.228890896 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.228934050 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.228941917 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.228981018 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.229928017 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.229948044 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.229984999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.229991913 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.230022907 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.230043888 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.231880903 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.231900930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.231967926 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.231975079 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.232001066 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.232031107 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233727932 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233751059 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233787060 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233798981 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233834028 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.233855009 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.235575914 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.235608101 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.235631943 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.235640049 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.235677004 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.237349987 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.237370968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.237411976 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.237418890 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.237452030 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.238614082 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.238637924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.238677025 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.238683939 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.238718033 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.240463018 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.240485907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.240525961 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.240534067 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.240569115 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242240906 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242261887 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242297888 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242307901 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242340088 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.242358923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.244015932 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.244039059 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.244079113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.244087934 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.244127035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245167017 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245198011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245230913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245238066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245270014 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.245291948 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.246848106 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.246872902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.246916056 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.246922970 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.277025938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.277062893 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.277076960 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278753996 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278774023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278814077 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278820992 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278852940 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.278877020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280195951 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280215025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280252934 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280261993 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280294895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.280317068 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.281337976 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.281359911 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.281402111 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.281409025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.281459093 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282212973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282234907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282269955 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282279015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282310009 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.282330036 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.283890009 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.283910990 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.283946991 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.283956051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.283978939 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284006119 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284717083 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284734964 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284784079 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284790039 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284804106 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.284831047 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.286936998 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.286978960 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287003994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287010908 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287034035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287053108 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287944078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.287986040 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288006067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288012028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288043976 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288059950 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288522005 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288546085 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288589954 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288595915 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288623095 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.288638115 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.290801048 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.290834904 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.290863037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.290868998 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.290911913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291476011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291498899 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291527033 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291532993 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291555882 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.291589022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292280912 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292305946 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292332888 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292336941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292367935 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.292385101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.293370008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.293395996 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.293426991 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.293431044 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.293466091 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.295010090 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.295041084 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.295068979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.295074940 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.295111895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296195984 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296227932 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296256065 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296261072 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296293020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.296312094 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.297102928 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.297127008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.319813967 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.319818020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.319850922 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.319868088 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.320894957 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.320918083 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.320947886 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.320952892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.320980072 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.321002960 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.321939945 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.321964025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.321995020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322000027 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322026968 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322043896 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322808981 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322837114 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322865009 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322870016 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322900057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.322916031 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323658943 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323683023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323714972 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323719978 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323756933 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.323774099 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.324673891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.324698925 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.324729919 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.324734926 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.324767113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.325712919 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.325737953 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.325778961 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.325783968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.325819969 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.326746941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.326771021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.326803923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.326807976 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.326843977 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327613115 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327639103 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327671051 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327677011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327708006 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.327733040 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328540087 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328564882 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328597069 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328602076 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328627110 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328633070 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328649998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328653097 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328679085 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.328715086 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330044031 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330070972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330105066 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330111027 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330138922 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330154896 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330739021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330764055 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330790997 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330796003 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330830097 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.330847979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.331681967 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.331712008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.331738949 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.331744909 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.331773996 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332695007 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332717896 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332746983 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332751989 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332786083 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.332804918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333317995 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333339930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333375931 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333380938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333403111 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.333419085 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.334301949 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.334326982 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.334363937 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.352657080 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.352662086 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.352695942 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.352711916 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.353998899 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354037046 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354053974 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354060888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354087114 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354100943 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354118109 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354151964 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354654074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354684114 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354710102 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354713917 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354731083 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.354753971 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355045080 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355067015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355093002 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355097055 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355119944 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355137110 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.355992079 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.356014967 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.356044054 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.356049061 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.356087923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357110977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357135057 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357163906 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357168913 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357208967 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357935905 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357960939 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357989073 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.357992887 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358015060 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358032942 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358182907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358203888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358231068 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358234882 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358258009 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.358272076 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359179020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359203100 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359235048 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359239101 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359271049 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.359289885 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360380888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360405922 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360440016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360445023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360474110 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.360491037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361150026 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361176014 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361206055 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361211061 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361243010 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361264944 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361285925 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361311913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361315966 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361334085 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.361351967 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362202883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362226963 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362251997 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362257004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362289906 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.362308025 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.363311052 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.363334894 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.363364935 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.363369942 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.363401890 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364206076 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364228964 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364259005 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364264011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364289999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364304066 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364381075 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364401102 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364428997 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364434004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.364459991 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380242109 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380249023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380276918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380285025 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380940914 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380958080 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380987883 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.380995989 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381017923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381036043 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381505966 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381520987 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381570101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381584883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381628036 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381855011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381869078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381911039 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381920099 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.381949902 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.382735968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.382750988 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.382798910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.382808924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.382848978 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.383523941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.383538961 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.383586884 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.383594036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.383627892 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384335995 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384356022 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384414911 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384416103 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384424925 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384460926 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384480953 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384495974 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384576082 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384583950 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.384624958 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.385504961 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.385519981 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.385569096 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.385579109 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.385628939 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386249065 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386264086 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386295080 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386301994 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386327028 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386346102 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386955976 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.386970997 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387017965 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387026072 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387068033 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387298107 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387314081 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387348890 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387356997 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387375116 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387391090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.387988091 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388004065 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388036966 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388045073 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388071060 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388086081 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388696909 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388711929 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388748884 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388756037 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388782024 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.388797998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389673948 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389688969 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389727116 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389734030 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389756918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389791012 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389832020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389847994 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389869928 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389877081 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389900923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.389916897 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.390635967 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.390651941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.390682936 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.390691042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404325008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404340029 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404371023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404381037 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404398918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404416084 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404685974 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404701948 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404728889 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404736996 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404768944 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.404792070 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405152082 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405167103 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405196905 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405205011 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405231953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405258894 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405919075 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405935049 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.405989885 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406002998 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406037092 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406826019 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406842947 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406879902 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406887054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406929016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406953096 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406972885 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.406987906 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407021999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407028913 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407052994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407073975 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407767057 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407783985 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407824039 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407830954 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407869101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.407891035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408184052 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408217907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408236980 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408245087 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408282042 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408299923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408821106 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408838034 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408884048 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408891916 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408922911 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.408946037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409089088 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409110069 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409157038 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409167051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409183979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409200907 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409897089 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409914970 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409961939 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.409970045 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410006046 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410022020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410568953 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410586119 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410631895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410640001 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410667896 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.410682917 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.411971092 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.411989927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412033081 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412041903 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412069082 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412085056 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412136078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412153959 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412184000 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412189960 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412218094 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412235022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412635088 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412652016 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412686110 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412693024 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412739992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412748098 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412795067 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.412811995 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452194929 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452203989 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452234030 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452264071 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452271938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452337980 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452347994 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452382088 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452399015 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452405930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452440023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452440977 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452461958 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452465057 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452476025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452492952 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452516079 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452531099 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452550888 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452573061 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452579021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452591896 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452608109 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452622890 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452637911 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452665091 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452671051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452692986 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452698946 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452711105 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452717066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452730894 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452739000 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452766895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452771902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452789068 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452802896 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452804089 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452814102 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452831984 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452866077 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452878952 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452902079 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452929020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452934980 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452951908 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452965975 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452969074 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452976942 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.452999115 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453007936 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453013897 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453038931 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453052998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453057051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453067064 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453083038 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453102112 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453109026 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453131914 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453142881 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453146935 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453154087 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453171968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453176975 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453207970 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453208923 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453219891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453243971 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453250885 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453274012 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453277111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453289032 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453300953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453316927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453316927 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453330994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453336954 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453350067 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453358889 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453392029 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453402042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453414917 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453430891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453435898 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453442097 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453460932 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453490019 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453493118 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453500986 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.453519106 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458775043 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458781004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458806992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458821058 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458971977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.458996058 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459022045 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459027052 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459050894 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459053993 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459065914 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459072113 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459091902 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459120989 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459896088 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459924936 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459949970 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459956884 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.459986925 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460000992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460213900 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460233927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460256100 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460262060 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460283041 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460299969 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460876942 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460899115 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460923910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460931063 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460957050 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.460977077 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461136103 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461154938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461201906 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461209059 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461241007 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461924076 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461944103 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461967945 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461975098 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.461999893 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462016106 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462199926 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462220907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462244987 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462251902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462275028 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462291002 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462421894 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462440968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462464094 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462471008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462493896 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462512970 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462817907 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462835073 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462861061 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462867975 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462899923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.462927103 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463542938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463565111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463591099 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463597059 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463618040 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463628054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463634968 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463640928 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463660002 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463663101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463685989 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463691950 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463711977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463716030 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463737011 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463742971 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463762999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.463784933 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465212107 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465234041 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465264082 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465271950 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465298891 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.465316057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466487885 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466511965 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466536999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466545105 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466569901 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.466587067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.480756998 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.480781078 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.480799913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.481097937 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.481981993 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482007027 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482038975 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482047081 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482069016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482085943 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482131004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482146978 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482172966 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482177973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482202053 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482215881 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.482496023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483830929 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483850956 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483887911 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483896017 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483923912 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.483938932 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484508991 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484529972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484555960 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484563112 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484592915 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.484611988 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485341072 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485358953 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485387087 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485394955 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485424995 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485441923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485531092 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485547066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485584974 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485590935 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485629082 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.485651016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486330986 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486350060 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486387014 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486392021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486424923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486592054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486608982 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486638069 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486644030 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486670971 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.486689091 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487876892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487905025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487931967 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487937927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487965107 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.487982035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488785982 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488806963 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488833904 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488840103 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488867998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488883972 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488965034 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.488981962 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489006042 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489012003 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489033937 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489048004 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489154100 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489170074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489200115 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489206076 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489234924 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.489250898 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.490566969 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.490588903 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.490621090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.490628004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.490664959 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.491831064 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.491852045 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.491882086 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.491888046 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.491925955 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.492134094 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.492153883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.492178917 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.492185116 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.492206097 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.505181074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.505206108 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.505213022 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.505232096 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.505247116 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506660938 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506679058 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506706953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506716013 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506740093 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.506753922 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507513046 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507533073 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507556915 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507564068 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507587910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507601976 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507976055 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.507997036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508023977 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508032084 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508053064 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508065939 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508194923 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508212090 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508240938 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508248091 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508270979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.508285999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509279013 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509294987 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509322882 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509330034 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509358883 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.509377003 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510159969 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510179996 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510211945 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510220051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510260105 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510329962 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510348082 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510370016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510375023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510396004 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.510413885 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511379004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511395931 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511426926 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511435032 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511457920 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511476994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511625051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511641979 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511667013 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511672974 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511697054 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.511713982 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513427973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513453007 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513484001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513498068 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513518095 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513534069 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513729095 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513746023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513771057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513777971 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513801098 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.513818026 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515084028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515103102 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515131950 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515141964 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515163898 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515182018 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515341997 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515362024 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515387058 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515393972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515419006 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515428066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515434980 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515439987 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515465021 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515466928 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515491962 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515496016 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515518904 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515543938 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.515609980 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528225899 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528244019 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528270960 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528276920 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528297901 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528300047 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528315067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528320074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528340101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.528371096 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529661894 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529679060 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529706001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529716015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529741049 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529757977 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529900074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529917002 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529948950 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529954910 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529997110 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.529997110 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530199051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530215025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530241966 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530249119 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530277014 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530292034 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530416012 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530431032 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530458927 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530466080 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530491114 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530503988 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.530636072 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.531277895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532111883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532129049 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532157898 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532166004 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532191992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532207966 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532337904 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532352924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532383919 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532392025 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532412052 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532430887 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532579899 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532596111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532624006 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532630920 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532654047 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532669067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532834053 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532851934 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532881975 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532888889 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532908916 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.532924891 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534637928 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534656048 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534688950 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534698963 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534723043 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534738064 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534856081 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534871101 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534899950 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534905910 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534929037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.534944057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535104036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535120010 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535149097 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535155058 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535182953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535201073 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535304070 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535320997 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535348892 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535356045 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535378933 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.535393953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536708117 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536724091 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536753893 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536763906 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536787033 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536802053 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.536900997 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.564795971 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.564814091 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707602024 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707657099 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707693100 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707707882 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707746029 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707765102 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707894087 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707938910 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707952023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707957983 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707986116 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707995892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.707998991 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708014965 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708049059 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708049059 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708076954 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708082914 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708106995 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708116055 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708132029 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708137035 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708158016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708163023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.708200932 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709760904 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709786892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709825993 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709834099 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709860086 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709878922 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.709990978 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710016966 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710043907 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710052013 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710066080 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710078001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710091114 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710093021 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710108042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710124016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710156918 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710160971 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710172892 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710192919 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710210085 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710216045 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710242987 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710266113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710397005 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710422993 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710465908 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710474014 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710484982 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710515022 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710659981 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710678101 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710710049 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710716009 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710726023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710741043 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710746050 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710752010 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710758924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710793018 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.710819006 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711188078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711214066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711245060 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711251020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711275101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711286068 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711364985 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711391926 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711420059 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711426020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711451054 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711457968 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711471081 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711477995 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711496115 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711505890 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711534977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711548090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711558104 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711570024 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711582899 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711599112 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.711605072 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716377020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716401100 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716402054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716413021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716439962 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716461897 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716476917 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716491938 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716499090 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716510057 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716525078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716531992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716547012 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716556072 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716561079 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716586113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716602087 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716617107 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716646910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716646910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716654062 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716671944 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716686964 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716692924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716703892 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716708899 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716727018 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716753006 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716763973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716784954 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716814041 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716819048 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716836929 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716840029 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716849089 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716855049 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716867924 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716882944 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716919899 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716922998 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716934919 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716959000 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716979980 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716986895 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.716999054 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717000008 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717020988 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717025042 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717031956 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717061996 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717082024 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717097044 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717097998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717107058 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717132092 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717154980 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717155933 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717165947 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717186928 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717200041 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717206001 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717236042 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717252016 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717258930 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717277050 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717291117 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717304945 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717312098 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717323065 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717325926 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717343092 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717360020 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717367887 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717377901 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717395067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717413902 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717421055 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717427015 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717444897 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717478991 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717478991 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717489958 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717499018 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717506886 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717526913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717535019 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717561960 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717570066 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717592001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717607021 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.717617989 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719162941 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719176054 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719182014 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719192028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719197989 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719222069 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719227076 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719243050 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719254017 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719261885 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719269037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719274044 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719296932 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719319105 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719329119 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719335079 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719356060 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719386101 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719388962 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719400883 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719408989 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719424009 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719440937 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719448090 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719458103 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719465971 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719477892 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719487906 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719491005 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719506979 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719528913 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719563007 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719564915 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719577074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719597101 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719611883 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719619036 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719645023 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719646931 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719661951 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719661951 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719674110 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719696999 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719727039 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719727039 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719738007 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719760895 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719774008 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719788074 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719791889 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719805956 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719820023 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719829082 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719841957 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719846964 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719885111 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719901085 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719963074 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719978094 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719980001 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.719989061 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720010042 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720249891 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720249891 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720262051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720282078 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720302105 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720309973 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720330000 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720343113 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720355034 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720381021 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720386982 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720410109 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720423937 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720477104 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720489979 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720498085 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720541954 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720541954 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720541954 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720549107 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720561028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720561028 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720561028 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720582962 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720597982 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720602989 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720614910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720638037 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.720642090 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722261906 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722291946 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722296953 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722306967 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722326994 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722346067 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722353935 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722363949 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722377062 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722383976 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722384930 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722395897 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722418070 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722449064 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722450972 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722460985 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722481966 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722508907 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722517014 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722527027 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722527027 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722551107 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722553015 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722564936 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722585917 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722615004 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722616911 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722628117 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722647905 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722673893 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722676992 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722687006 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722693920 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722712040 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722745895 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722745895 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722760916 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722778082 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722791910 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722810984 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722826958 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722856998 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722862005 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722872972 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722877979 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722898006 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722923994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722930908 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722954035 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722954988 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722973108 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722980976 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.722986937 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723009109 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723016977 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723030090 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723036051 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723046064 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723067045 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723088980 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723088980 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723099947 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723119020 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723136902 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723144054 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723155975 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723160028 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723180056 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723186016 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723206043 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723218918 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723231077 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723237038 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723254919 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723258972 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723279953 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723284960 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723295927 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723309994 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723309994 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723346949 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723352909 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723362923 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723366022 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723391056 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723397970 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723404884 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723419905 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723443985 CET49737443192.168.2.818.67.65.20
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723453999 CET4434973718.67.65.20192.168.2.8
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:26.723469973 CET4434973718.67.65.20192.168.2.8
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Feb 5, 2024 15:56:15.218424082 CET | 192.168.2.8 | 1.1.1.1 | 0xbd9 | Standard query (0) | veryfast.io | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.674989939 CET | 192.168.2.8 | 1.1.1.1 | 0x7e16 | Standard query (0) | veryfast.io | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.680872917 CET | 192.168.2.8 | 1.1.1.1 | 0x1290 | Standard query (0) | veryfast.io | 65 | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.697227955 CET | 192.168.2.8 | 1.1.1.1 | 0x3223 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.700937033 CET | 192.168.2.8 | 1.1.1.1 | 0xba49 | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.701919079 CET | 192.168.2.8 | 1.1.1.1 | 0xe1de | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:20.702116013 CET | 192.168.2.8 | 1.1.1.1 | 0xeee9 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false |
| Feb 5, 2024 15:56:22.620807886 CET | 192.168.2.8 | 1.1.1.1 | 0xd392 | Standard query (0) | repository.pcapp.store | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:22.621292114 CET | 192.168.2.8 | 1.1.1.1 | 0x66cb | Standard query (0) | repository.pcapp.store | 65 | IN (0x0001) | false |
| Feb 5, 2024 15:56:22.984148979 CET | 192.168.2.8 | 1.1.1.1 | 0x4318 | Standard query (0) | repcdn.veryfast.io | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:23.398303986 CET | 192.168.2.8 | 1.1.1.1 | 0x1cd | Standard query (0) | repository.pcapp.store | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:23.398726940 CET | 192.168.2.8 | 1.1.1.1 | 0x42fc | Standard query (0) | repository.pcapp.store | 65 | IN (0x0001) | false |
| Feb 5, 2024 15:56:23.909555912 CET | 192.168.2.8 | 1.1.1.1 | 0x97a8 | Standard query (0) | veryfast.io | A (IP address) | IN (0x0001) | false |
| Feb 5, 2024 15:56:23.909796953 CET | 192.168.2.8 | 1.1.1.1 | 0x9427 | Standard query (0) | veryfast.io | 65 | IN (0x0001) | false |
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.870783091 CET192.168.2.81.1.1.10x3838Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.871556044 CET192.168.2.81.1.1.10x622cStandard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:56:24.929747105 CET192.168.2.81.1.1.10x7b64Standard query (0)d1uyoz7mfvzv4e.cloudfront.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:57:05.998020887 CET192.168.2.81.1.1.10x5a5cStandard query (0)connect.facebook.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:57:05.998414993 CET192.168.2.81.1.1.10xb759Standard query (0)connect.facebook.net65IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:57:49.862576008 CET192.168.2.81.1.1.10x5db3Standard query (0)clients1.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:57:49.862879992 CET192.168.2.81.1.1.10x7b43Standard query (0)clients1.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:58:24.975116014 CET192.168.2.81.1.1.10x2531Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                  Feb 5, 2024 15:58:24.975218058 CET192.168.2.81.1.1.10xa7cStandard query (0)www.google.com65IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49709 | 161.35.127.181 | 443 | 2072 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:15 UTC | 243 | OUT | GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&evt_src=installer&evt_action=mini_start&version=&defaultbrowser=default HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 14:56:15 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:15 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:15 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49712 | 74.125.136.84 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:21 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  Cookie: NID=511=orcSInoZBb6Srw0PdPMNeLGKsegfLi-tQnviho5hKJXKDNg0kXIPnfTcuwV5r7RqjT893pWGJF7klKqldBoj4rDJvxfFlgDOCcW9aKDnU9zIlUh2LP0vO8k3uT0gHJD1JvVAclkJnKwZG6hDAl62HrMxNrUeqSR-WF1J-l9YYgE
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 1 | OUT | Data Raw: 20
                                                                                                                                                                                                                                                  Data Ascii:
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 1798 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:21 GMT
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-idYaJe1xEjPHCu3U_BKBBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                  reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmLw05BiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQBiIW6Oqe-a17EJHLjxIAMAnxAXew"
                                                                                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC23INData Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 11["gaia.l.a.r",[]]
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                  2 | 192.168.2.8 | 49711 | 74.125.138.113 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                                                                                  Host: clients2.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  X-Goog-Update-Interactivity: fg
                                                                                                                                                                                                                                                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                                                                                  X-Goog-Update-Updater: chromecrx-117.0.5938.132
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 732 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-f3diwEQVv11yRYq9GlYlDA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:21 GMT
                                                                                                                                                                                                                                                  Content-Type: text/xml; charset=UTF-8
                                                                                                                                                                                                                                                  X-Daynum: 6244
                                                                                                                                                                                                                                                  X-Daystart: 24981
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  Server: GSE
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC520INData Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 32 34 34 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 34 39 38 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                                                                                                                                                                                                                                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6244" elapsed_seconds="24981"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC200INData Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                  3 | 192.168.2.8 | 49714 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 711 | OUT | GET /installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                  Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  2024-02-05 14:56:21 UTC | 349 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:21 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                                                  Content-Length: 266
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:21 UTC | 266 | IN | Data Ascii: <html> <script src="src/main_code.js?t=20171020"></script> <script> ft('startInstall'); window.setTimeout(function(){ window.location.href = 'installing2.html'+window.location.search; },200); </scri


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49713 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:21 UTC | 591 | OUT | GET /src/main_code.js?t=20171020 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-05 14:56:21 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:21 GMT
Content-Type: application/javascript
Content-Length: 9719
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:21 UTC | 9719 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49717 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:21 UTC | 819 | OUT | GET /installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:22 UTC | 350 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:22 GMT
Content-Type: text/html
Content-Length: 2700
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:22 UTC | 2700 | IN | Data Ascii: <html><head><script type="text/javascript" src="assets/plugins/jquery-3.5.1.min.js"></script> <title>Installing Fast!</title> <link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet'><style>body {font-family: 'Open San


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49718 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:21 UTC | 699 | OUT | POST /api/api.php HTTP/1.1
Host: veryfast.io
Connection: keep-alive
Content-Length: 62
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: */*
Origin: https://veryfast.io
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:21 UTC | 62 | OUT | Data Ascii: {"c":"front","a":"trigger","p":{"t":"startInstall","ws":true}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49719 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:22 UTC | 861 | OUT | GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1707144980624&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/117.0.0.0%20Safari/537.36 HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  Cookie: _fcid=1707144980615896


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49721 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:22 UTC | 631 | OUT | GET /assets/plugins/jquery-3.5.1.min.js HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:22 UTC | 364 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:22 GMT
Content-Type: application/javascript
Content-Length: 89476
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49720 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:22 UTC | 672 | OUT | GET /images/fast.png HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:22 UTC | 279 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Feb 2024 14:56:22 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
Location: https://repository.pcapp.store/pcapp/images/fast.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
2024-02-05 14:56:22 UTC | 162 | IN | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                  10192.168.2.849723161.35.127.1814432072C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                  2024-02-05 14:56:22 UTC183OUTGET /download.php?engine=1&guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  2024-02-05 14:56:22 UTC375INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:22 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Location: https://repcdn.veryfast.io/download/2.305/SetupEngine.exe
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49725 | 37.19.206.5 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:23 UTC | 598 | OUT | GET /pcapp/images/fast.png HTTP/1.1
                                                                                                                                                                                                                                                  Host: repository.pcapp.store
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                  Referer: https://veryfast.io/
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-02-05 14:56:23 UTC | 742 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:23 GMT
                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                  Content-Length: 675
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  x-amz-id-2: PsMgB5ZerazVUf0wf+tDMNk6U+XiqfjxU/sslsY4GXbaALcSBcU+Ehx31kv+FFF8KbPM69qw5gvWgkNIZYe+GL+9M0Wa8mX+EhyQRshTf/8=
                                                                                                                                                                                                                                                  x-amz-request-id: F1P1BKV072T6T9D6
                                                                                                                                                                                                                                                  Last-Modified: Wed, 06 Sep 2023 14:24:13 GMT
                                                                                                                                                                                                                                                  ETag: "8d1ed092b3be364dc47574f1310d2c87"
                                                                                                                                                                                                                                                  x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                  x-amz-version-id: HQ57thsBQ1PGxyZzPkfpq8dFWC9.D1Yj
                                                                                                                                                                                                                                                  X-77-NZT: AiUTzgQ3Nzfv6MAAAJySO983NzfvT/IJAA
                                                                                                                                                                                                                                                  X-77-NZT-Ray: 8e305f1c42cd152a17f7c06562381a12
                                                                                                                                                                                                                                                  X-Accel-Expires: @1708096837
                                                                                                                                                                                                                                                  X-Accel-Date: 1707095599
                                                                                                                                                                                                                                                  X-77-Cache: HIT
                                                                                                                                                                                                                                                  X-77-Age: 701239
                                                                                                                                                                                                                                                  Server: CDN77-Turbo
                                                                                                                                                                                                                                                  X-Cache-LB: HIT
                                                                                                                                                                                                                                                  X-Age-LB: 49384
                                                                                                                                                                                                                                                  X-77-POP: ashburnUSVA
                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49728 | 89.187.173.22 | 443 | 2072 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:23 UTC | 157 | OUT | GET /download/2.305/SetupEngine.exe HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Host: repcdn.veryfast.io
2024-02-05 14:56:23 UTC | 737 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:23 GMT
                                                                                                                                                                                                                                                  Content-Type: application/x-msdownload
                                                                                                                                                                                                                                                  Content-Length: 3208568
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  x-amz-id-2: Vm9kUAg8Xa6Of9kO2q7B2QUO3av8pnxIpA+Ja55SxcuaUXW5E1BZVgT25Fl265ELRCjoqy05AC73OL7QsgHkFhp59Fgmihz4cmy/gAvq+Ns=
                                                                                                                                                                                                                                                  x-amz-request-id: 10GWEW027KRDEM9C
                                                                                                                                                                                                                                                  Last-Modified: Fri, 17 Nov 2023 10:37:38 GMT
                                                                                                                                                                                                                                                  ETag: "6adc1c797360abee521cac2019130184"
                                                                                                                                                                                                                                                  x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                  x-amz-version-id: V82NUOJ7aeDIpt943Zx5Ic8vQUzQPDad
                                                                                                                                                                                                                                                  X-77-NZT: EggBWbutFQFBDAGckjvoAfcgLwMA
                                                                                                                                                                                                                                                  X-77-NZT-Ray: 256bf6190f87736317f7c06577921f2a
                                                                                                                                                                                                                                                  X-Accel-Expires: @1707973111
                                                                                                                                                                                                                                                  X-Accel-Date: 1706936311
                                                                                                                                                                                                                                                  X-77-Cache: HIT
                                                                                                                                                                                                                                                  X-77-Age: 208672
                                                                                                                                                                                                                                                  Server: CDN77-Turbo
                                                                                                                                                                                                                                                  X-Cache-LB: MISS
                                                                                                                                                                                                                                                  X-77-POP: miamiUSFL
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Data Ascii: _yq!%dea^ex<-IFZw*'.7Ti<t5![J]2 :n2gILsJ]A/l*te&wf;2.cpOK*oSN~kf0j0FM,&BFsY_H=^o~(?krL]`"`{ 7 @0 &s=
                                                                                                                                                                                                                                                  2024-02-05 14:56:24 UTC16384INData Raw: ba 55 48 37 f0 aa c7 f8 73 83 27 1d 76 ac 5e 6e ce f5 55 58 76 18 43 e8 8e 41 f6 33 75 30 bd 9d ae a6 f2 1a 79 44 97 55 c7 49 f2 48 da d2 53 bd 3d 3a cb 06 b6 cf f9 06 d9 d5 22 bb c2 2b 6e 76 b8 eb 9b 63 75 6f d7 fe 6e 8e 77 7a bb f6 5f 73 64 21 8f 1c dc f7 ce a3 b9 c4 20 b7 8b a6 e3 fa 36 32 c1 c2 ad d3 1c 17 b6 35 ba 89 f9 9e c4 dc 36 96 8e 02 96 18 37 5d 73 6c dd 86 2d 3d ee c8 e6 28 da 42 64 c6 c7 1d e4 11 f7 8b 74 7c 4f 1e b1 93 77 ac 23 8f b8 0b a4 63 15 79 c4 0d 1f 1d b9 e4 11 1b 7c c7 e2 2d ee e1 e3 6c f2 88 cb fd 8e e4 2d 6e 5d 4c c1 c7 e8 15 8e f1 5b d8 c1 e1 c8 2d 8f 6c 0c 67 62 92 6b b0 e9 cf c5 fd f8 1c f4 96 a6 8c 0b 3d f3 c2 ed 65 e8 a8 db 4a f2 82 bb eb 39 98 ad 4d 19 0f f5 24 e6 f6 0e 74 1c 64 89 89 c6 7e d9 4a 66 ee 08 de 4c 1e 71 f7 3a
                                                                                                                                                                                                                                                  Data Ascii: UH7s'v^nUXvCA3u0yDUIHS=:"+nvcuonwz_sd! 62567]sl-=(Bdt|Ow#cy|-l-n]L[-lgbk=eJ9M$td~JfLq:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49729 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:23 UTC | 668 | OUT | GET /favicon.ico HTTP/1.1
Host: veryfast.io
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://veryfast.io/installing2.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:23 UTC | 307 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:23 GMT
Content-Type: image/x-icon
Content-Length: 5430
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49730 | 37.19.206.5 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:23 UTC | 367 | OUT | GET /pcapp/images/fast.png HTTP/1.1
Host: repository.pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-05 14:56:24 UTC | 742 | IN | HTTP/1.1 200 OK
Date: Mon, 05 Feb 2024 14:56:24 GMT
Content-Type: image/png
Content-Length: 675
Connection: close
x-amz-id-2: PsMgB5ZerazVUf0wf+tDMNk6U+XiqfjxU/sslsY4GXbaALcSBcU+Ehx31kv+FFF8KbPM69qw5gvWgkNIZYe+GL+9M0Wa8mX+EhyQRshTf/8=
x-amz-request-id: F1P1BKV072T6T9D6
Last-Modified: Wed, 06 Sep 2023 14:24:13 GMT
ETag: "8d1ed092b3be364dc47574f1310d2c87"
x-amz-server-side-encryption: AES256
x-amz-version-id: HQ57thsBQ1PGxyZzPkfpq8dFWC9.D1Yj
X-77-NZT: AiUTzgQ3Nzfv6cAAAJySO983NzfvT/IJAA
X-77-NZT-Ray: 8e305f1c92bc283d18f7c065ecc70002
X-Accel-Expires: @1708096837
X-Accel-Date: 1707095599
X-77-Cache: HIT
X-77-Age: 701240
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 49385
X-77-POP: ashburnUSVA
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49732 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:24 UTC | 378 | OUT | GET /favicon.ico HTTP/1.1
Host: veryfast.io
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1707144980615896
2024-02-05 14:56:24 UTC | 307 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:24 GMT
Content-Type: image/x-icon
Content-Length: 5430
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
16          192.168.2.8  49737        18.67.65.20     443               2072  C:\Users\user\Desktop\Setup (1).exe

Timestamp                Bytes transferred  Direction  Data
2024-02-05 14:56:25 UTC  165                OUT        GET /download/SetupResources.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: d1uyoz7mfvzv4e.cloudfront.net
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 14:56:25 UTC  549                IN         HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Content-Length: 55410880
Connection: close
Last-Modified: Tue, 30 Aug 2022 22:38:00 GMT
x-amz-version-id: h9p.op9tD94uGxrDnBs9nCjFXcAvGcy0
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 05 Feb 2024 14:56:26 GMT
ETag: "39dff10c7fa51cd63a02862323bb6b41-4"
Vary: Accept-Encoding
X-Cache: RefreshHit from cloudfront
Via: 1.1 199b065e4c1253c9590e1b5e57083906.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD89-P1
X-Amz-Cf-Id: Lm9_srS3QdIFwtk2_x6ZIoJGQPrHe9SRkva3jW3dFb-774qU9nreVQ==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.8  49740        40.68.123.157   443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 14:56:34 UTC  306                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S7WXRsuOLGYF5hF&MD=NEsUzxVg HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-02-05 14:56:34 UTC  560                IN         HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 9e81b76f-8af1-420f-8d7f-81d98b1df180
MS-RequestId: cd8aa265-23f3-4ebc-b571-779322c29f88
MS-CV: uG4cMRNiOUCetTN9.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Mon, 05 Feb 2024 14:56:33 GMT
Connection: close
Content-Length: 24490


Session ID  Source IP    Source Port  Destination IP  Destination Port
18          192.168.2.8  49745        23.206.229.226  443

Timestamp                Bytes transferred  Direction  Data
2024-02-05 14:56:34 UTC  2171               OUT        POST /threshold/xls.aspx HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Content-type: text/xml
X-Agent-DeviceId: 01000A4109008217
X-BM-CBT: 1696494873
X-BM-DateFormat: dd/MM/yyyy
X-BM-DeviceDimensions: 784x984
X-BM-DeviceDimensionsLogical: 784x984
X-BM-DeviceScale: 100
                                                                                                                                                                                                                                                  X-BM-DTZ: 120
                                                                                                                                                                                                                                                  X-BM-Market: CH
                                                                                                                                                                                                                                                  X-BM-Theme: 000000;0078d7
                                                                                                                                                                                                                                                  X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                                                                                                  X-Device-ClientSession: 229C124F14F843F693B4EF574DFCAAAB
                                                                                                                                                                                                                                                  X-Device-isOptin: false
                                                                                                                                                                                                                                                  X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                                                                                                  X-Device-OSSKU: 48
                                                                                                                                                                                                                                                  X-Device-Touch: false
                                                                                                                                                                                                                                                  X-DeviceID: 01000A4109008217
                                                                                                                                                                                                                                                  X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40
                                                                                                                                                                                                                                                  X-MSEdge-ExternalExpType: JointCoord
                                                                                                                                                                                                                                                  X-PositionerType: Desktop
                                                                                                                                                                                                                                                  X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                                                                                                                  X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                                                                                                                  X-Search-SafeSearch: Moderate
                                                                                                                                                                                                                                                  X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                                                                                                                                                                                                  X-UserAgeClass: Unknown
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                  Host: www.bing.com
                                                                                                                                                                                                                                                  Content-Length: 516
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Cookie: SRCHUID=V=2&GUID=7A0479E0E07C4D7D91A8C7552F34E6D4&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696493908190&IPMH=7bc3b11d&IPMID=1696494873321&HV=1696494765; CortanaAppUID=0A2376201E427A029407F32A9072506A; MUID=4E6D5F19647E45969740B90CC0355D4C; _SS=SID=1F4D6C7F4B26664337657FDE4A3767CB&CPID=1696494874312&AC=1&CPH=893a1c21; _EDGE_S=SID=1F4D6C7F4B26664337657FDE4A3767CB; MUIDB=4E6D5F19647E45969740B90CC0355D4C
                                                                                                                                                                                                                                                  2024-02-05 14:56:34 UTC1OUTData Raw: 3c
                                                                                                                                                                                                                                                  Data Ascii: <
                                                                                                                                                                                                                                                  2024-02-05 14:56:34 UTC515OUTData Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 34 45 36 44 35 46 31 39 36 34 37 45 34 35 39 36 39 37 34 30 42 39 30 43 43 30 33 35 35 44 34 43 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 30 36 38 37 30 43 30 39 41 31 46 37 34 43 39 43 42 33 41 42 46 30 34 30 46 43 39 46 30 41 37 38 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
                                                                                                                                                                                                                                                  Data Ascii: ClientInstRequest><CID>4E6D5F19647E45969740B90CC0355D4C</CID><Events><E><T>Event.ClientInst</T><IG>06870C09A1F74C9CB3ABF040FC9F0A78</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
                                                                                                                                                                                                                                                  2024-02-05 14:56:35 UTC476INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                  X-MSEdge-Ref: Ref A: FF50C9D0F6974B638F94D7A1A7BF82B6 Ref B: LAXEDGE1821 Ref C: 2024-02-05T14:56:34Z
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:34 GMT
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=93600
                                                                                                                                                                                                                                                  X-CDN-TraceID: 0.e2d7ce17.1707144994.17b89aea


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49748 | 161.35.127.181 | 443 | 7948 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:35 UTC | 238 | OUT | GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=start&channelId= HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 14:56:35 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:35 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:35 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49749 | 161.35.127.181 | 443 | 7948 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:36 UTC | 232 | OUT | GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=installing HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 14:56:36 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:36 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:36 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49750 | 161.35.127.181 | 443 | 7948 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:54 UTC | 792 | OUT | GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=systeminfo&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: veryfast.io
Connection: Keep-Alive
Cache-Control: no-cache
2024-02-05 14:56:55 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Feb 2024 14:56:55 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:55 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49751 | 161.35.127.181 | 443 | 7948 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:56:55 UTC | 759 | OUT | GET /register.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&ch=&version=2.305&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=TT1GN5&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=5SMPVRWU%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-02-05 14:56:55 UTC | 341 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:56:55 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Content-Length: 29
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:56:55 UTC | 29 | IN | Data Raw: 30 2c 30 2c 30 2c 31 2c 32 2c 36 34 2c 32 2c 35 2c 32 35 36 2c 31 2c 32 2c 36 34 2c 31
                                                                                                                                                                                                                                                  Data Ascii: 0,0,0,1,2,64,2,5,256,1,2,64,1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49753 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:05 UTC | 748 | OUT | GET /installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid= HTTP/1.1
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                  Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  Cookie: _fcid=1707144980615896
2024-02-05 14:57:05 UTC | 349 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:05 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:57:05 UTC | 13611 | IN
                                                                                                                                                                                                                                                  Data Ascii: 1f27<html><head> <script src="src/initiate.js"></script> <title>Fast! Installed</title> <link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesheet'><style>body {font-family: 'Open Sans';font-size: 12px;color:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49754 | 161.35.127.181 | 443 | 7948 | C:\Users\user\AppData\Local\Temp\SetupEngine.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:05 UTC | 226 | OUT | GET /pixel.gif?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=&version=2.305&evt_src=installer&evt_action=done HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-02-05 14:57:05 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:05 GMT
                                                                                                                                                                                                                                                  Content-Type: image/gif
                                                                                                                                                                                                                                                  Content-Length: 42
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:57:05 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                  Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49752 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:05 UTC | 616 | OUT | GET /src/initiate.js HTTP/1.1
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                  Referer: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  Cookie: _fcid=1707144980615896
2024-02-05 14:57:05 UTC | 314 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:05 GMT
                                                                                                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49755 | 161.35.127.181 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:06 UTC | 623 | OUT | GET /src/main.js?t=20171020 HTTP/1.1
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                  Referer: https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                  Cookie: _fcid=1707144980615896
2024-02-05 14:57:06 UTC | 362 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:06 GMT
                                                                                                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                                                                                                  Content-Length: 591
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:57:06 UTC | 591 | IN | Data Ascii:
if ( typeof(pixelEvent) != 'function' ) {
    var s1=document.createElement("script"),s0=document.getElementsByTagName("script")[0];
    s1.src='/src/main_code.js';
    s0.parentNode.insertBefore(s1,s0);
}

// --- Added current year --- //
function rende


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49756 | 31.13.65.7 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:06 UTC | 532 | OUT | GET /en_US/fbevents.js HTTP/1.1
                                                                                                                                                                                                                                                  Host: connect.facebook.net
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                  Referer: https://veryfast.io/
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-02-05 14:57:06 UTC | 1997 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                  timing-allow-origin: *
                                                                                                                                                                                                                                                  reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
                                                                                                                                                                                                                                                  report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
                                                                                                                                                                                                                                                  content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
                                                                                                                                                                                                                                                  document-policy: force-load-at-top
                                                                                                                                                                                                                                                  permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
                                                                                                                                                                                                                                                  permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
                                                                                                                                                                                                                                                  cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                  cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                                                                                                                                                                                                                  cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                  Cache-Control: public, max-age=1200
                                                                                                                                                                                                                                                  Expires: Sat, 01 Jan 2000 00:00:00 GMT
2024-02-05 14:57:06 UTC | 390 | IN | Data Ascii:
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: DENY
origin-agent-cluster: ?0
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
X-FB-Debug: D+98BHbEEhO/sYhetBmNVDcPzhDiLCXjnvbusEXSf/YbFo9+dNStG6gN2UYIcEVWMEG
2024-02-05 14:57:06 UTC | 1500 | IN | Data Ascii:
/**
* Copyright (c) 2017-present, Facebook, Inc. All rights reserved.
*
* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,
* copy, modify, and distribute this software in source code or binary form for use
* in connection wi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49757 | 161.35.127.181 | 443 | 2072 | C:\Users\user\Desktop\Setup (1).exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:06 UTC | 169 | OUT | GET /cpg.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67 HTTP/1.1
                                                                                                                                                                                                                                                  User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                  Host: veryfast.io
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-02-05 14:57:06 UTC | 349 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:06 GMT
                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-02-05 14:57:06 UTC | 17 | IN | Data Raw: 37 0d 0a 64 65 66 61 75 6c 74 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                  Data Ascii: 7default0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49758 | 40.68.123.157 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:11 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=S7WXRsuOLGYF5hF&MD=NEsUzxVg HTTP/1.1
                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                                  Host: slscr.update.microsoft.com
2024-02-05 14:57:12 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                  ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                                                                  MS-CorrelationId: aee3d425-eb17-4bea-adc7-778e881f8fae
                                                                                                                                                                                                                                                  MS-RequestId: e2abac78-be4f-4f3e-89e3-e0033642b182
                                                                                                                                                                                                                                                  MS-CV: YmsBBTul8EeFloGL.0
                                                                                                                                                                                                                                                  X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:11 GMT
                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                  Content-Length: 25457


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49765 | 74.125.136.100 | 443 | 2340 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-05 14:57:50 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=000000000000000000000000000000000000000061FF3C0F15 HTTP/1.1
                                                                                                                                                                                                                                                  Host: clients1.google.com
                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
2024-02-05 14:57:50 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-9OiaamAAPmpJYGUIDdcp9g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-NZ9wT5sg7VtSkm0jXzF2vg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                  Content-Length: 219
                                                                                                                                                                                                                                                  Date: Mon, 05 Feb 2024 14:57:50 GMT
                                                                                                                                                                                                                                                  Expires: Mon, 05 Feb 2024 14:57:50 GMT
                                                                                                                                                                                                                                                  Cache-Control: private, max-age=0
                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                  Server: GSE
                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                  Connection: close
2024-02-05 14:57:50 UTC | 219 | IN | Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 36 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 61 33 33 39 63 61 64 0a
                                                                                                                                                                                                                                                  Data Ascii: rlzC1: 1C1ONGR_enUS1096rlzC2: 1C2ONGR_enUS1096rlzC7: 1C7ONGR_enUS1096dcc: set_dcc: C1:1C1ONGR_enUS1096,C2:1C2ONGR_enUS1096,C7:1C7ONGR_enUS1096events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: a339cad


                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:15:56:13
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\Setup (1).exe
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:142'536 bytes
                                                                                                                                                                                                                                                  MD5 hash:EC427B1BF867DC6FDFDFC2B5219F44DE
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                  Start time:15:56:18
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=9AC52742-8547-84D6-5349-ECEC87A66D67
                                                                                                                                                                                                                                                  Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                  Start time:15:56:18
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                  Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:15:56:18
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2088,i,7827127790469141543,7721217592349292096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                  Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:15:56:33
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\SetupEngine.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\SetupEngine.exe"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:3'208'568 bytes
                                                                                                                                                                                                                                                  MD5 hash:6ADC1C797360ABEE521CAC2019130184
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 38%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:15:56:35
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:cmd /c "C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp" > C:\Users\user\AppData\Local\Temp\dskres.xml
                                                                                                                                                                                                                                                  Imagebase:0xa40000
                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:15:56:35
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff6ee680000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                  Start time:15:56:35
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\diskspd.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\Temp\testfile.temp
                                                                                                                                                                                                                                                  Imagebase:0xbd0000
                                                                                                                                                                                                                                                  File size:144'688 bytes
                                                                                                                                                                                                                                                  MD5 hash:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                  Start time:15:56:57
                                                                                                                                                                                                                                                  Start date:05/02/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:55'410'880 bytes
                                                                                                                                                                                                                                                  MD5 hash:884E1463B4CB20B28C3A80960E02AC2D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 5%, ReversingLabs
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

Target ID:15
Start time:15:57:03
Start date:05/02/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=9AC52742-8547-84D6-5349-ECEC87A66D67&_fcid=
Imagebase:0x7ff678760000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:15:57:03
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\FastSRV.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\Fast!\FastSRV.exe
Imagebase:0xc0000
File size:98'648 bytes
MD5 hash:B8AF4E4DFAB89560361DDB94353E7E06
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:false

Target ID:17
Start time:15:57:04
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\fast!.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\fast!\fast!.exe
Imagebase:0xd90000
File size:1'983'320 bytes
MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:false

Target ID:18
Start time:15:57:04
Start date:05/02/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,5467394529927478495,12224471983908460789,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff678760000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:20
Start time:15:57:04
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\fast!.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\fast!\fast!.exe
Imagebase:0xd90000
File size:1'983'320 bytes
MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:15:57:04
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\fast!.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\Fast!\Fast!.exe
Imagebase:0xd90000
File size:1'983'320 bytes
MD5 hash:3F2669BA4BA457B6F5B0F3CD949F1FDB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:15:57:05
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Has exited:false

Target ID:23
Start time:15:57:06
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2d0,0x2d4,0x2d8,0x2cc,0x2dc,0x6b77693c,0x6b77694c,0x6b77695c
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:15:57:06
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x1e4,0x1e8,0x1ec,0x1dc,0x1f0,0x113482c,0x113483c,0x113484c
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:25
Start time:15:57:07
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --service-pipe-token=8105DEE737FAB8EA109B16EF340D3C98 --lang=en-GB --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true,cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging 
--content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=8105DEE737FAB8EA109B16EF340D3C98 --renderer-client-id=2 --mojo-platform-channel-handle=2304 /prefetch:1
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:15:57:12
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --use-gl=swiftshader-webgl --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0405 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=FD389EC5CD9C89122ED5B3B0DEEB4EE8 --mojo-platform-channel-handle=2920 /prefetch:2
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:15:57:52
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=AA0F20FA834DC6E5A78D4F769174833B --mojo-platform-channel-handle=3244 /prefetch:8
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:15:58:08
Start date:05/02/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --field-trial-handle=2276,4077916020762326527,13081929346112199386,131072 --lang=en-GB --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --service-request-channel-token=13E732A3972A8DB0A295812B28F54687 --mojo-platform-channel-handle=3060 /prefetch:8
Imagebase:0xdb0000
File size:4'127'368 bytes
MD5 hash:4D9F9AE313447C1A616574E185697E3C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


Execution Graph

Execution Coverage:26.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:22.1%
Total number of Nodes:1276
Total number of Limit Nodes:41
2928->2893 2928->2894 2928->2900 2928->2910 2928->2927 2928->2930 2942 403e5d 2928->2942 2931 403d75 2929->2931 2929->2938 2932 403e5d 19 API calls 2931->2932 2933 403d80 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 2932->2933 2934 401389 2 API calls 2933->2934 2935 403dc6 2934->2935 2935->2930 2936 403dce ShowWindow 2935->2936 2937 403ea9 SendMessageA 2936->2937 2937->2938 2938->2897 2938->2930 2940 403ec1 2939->2940 2941 403eb2 SendMessageA 2939->2941 2940->2928 2941->2940 2943 405bc3 18 API calls 2942->2943 2944 403e68 SetDlgItemTextA 2943->2944 2944->2913 2945->2917 2946->2920 2947->2923 2950 401390 2948->2950 2949 4013fe 2949->2928 2950->2949 2951 4013cb MulDiv SendMessageA 2950->2951 2951->2950 2953 401389 2 API calls 2952->2953 2954 401420 2953->2954 2954->2911 2956 403e43 SendMessageA 2955->2956 2957 403e3d 2955->2957 2956->2907 2957->2956 2959 403edc GetWindowLongA 2958->2959 2969 403f65 2958->2969 2960 403eed 2959->2960 2959->2969 2961 403efc GetSysColor 2960->2961 2962 403eff 2960->2962 2961->2962 2963 403f05 SetTextColor 2962->2963 2964 403f0f SetBkMode 2962->2964 2963->2964 2965 403f27 GetSysColor 2964->2965 2966 403f2d 2964->2966 2965->2966 2967 403f34 SetBkColor 2966->2967 2968 403f3e 2966->2968 2967->2968 2968->2969 2970 403f51 DeleteObject 2968->2970 2971 403f58 CreateBrushIndirect 2968->2971 2969->2930 2970->2971 2971->2969 3821 40220a 3822 402211 3821->3822 3825 402224 3821->3825 3823 405bc3 18 API calls 3822->3823 3824 40221e 3823->3824 3826 405462 MessageBoxIndirectA 3824->3826 3826->3825 3827 401c8a 3828 4029ef 18 API calls 3827->3828 3829 401c91 3828->3829 3830 4029ef 18 API calls 3829->3830 3831 401c99 GetDlgItem 3830->3831 3832 4024ce 3831->3832 3028 40310d SetErrorMode GetVersion 3029 403143 3028->3029 3030 403149 3028->3030 3031 405f2d 5 API calls 3029->3031 3121 405ec3 GetSystemDirectoryA 3030->3121 3031->3030 3033 40315e 3034 405ec3 3 API calls 3033->3034 3035 403168 3034->3035 3036 405ec3 3 API calls 3035->3036 3037 403172 
3036->3037 3124 405f2d GetModuleHandleA 3037->3124 3040 405f2d 5 API calls 3041 403180 #17 OleInitialize SHGetFileInfoA 3040->3041 3130 405ba1 lstrcpynA 3041->3130 3043 4031bd GetCommandLineA 3131 405ba1 lstrcpynA 3043->3131 3045 4031cf GetModuleHandleA 3046 4031e6 3045->3046 3047 4056bf CharNextA 3046->3047 3048 4031fa CharNextA 3047->3048 3056 403207 3048->3056 3049 403270 3050 403283 GetTempPathA 3049->3050 3132 4030dc 3050->3132 3052 403299 3053 4032bd DeleteFileA 3052->3053 3054 40329d GetWindowsDirectoryA lstrcatA 3052->3054 3142 402c38 GetTickCount GetModuleFileNameA 3053->3142 3057 4030dc 12 API calls 3054->3057 3055 4056bf CharNextA 3055->3056 3056->3049 3056->3055 3060 403272 3056->3060 3059 4032b9 3057->3059 3059->3053 3062 40333b ExitProcess OleUninitialize 3059->3062 3226 405ba1 lstrcpynA 3060->3226 3061 4032ce 3061->3062 3068 4056bf CharNextA 3061->3068 3100 403327 3061->3100 3064 403350 3062->3064 3065 40345f 3062->3065 3069 405462 MessageBoxIndirectA 3064->3069 3066 403502 ExitProcess 3065->3066 3070 405f2d 5 API calls 3065->3070 3073 4032e5 3068->3073 3074 40335e ExitProcess 3069->3074 3075 403472 3070->3075 3071 403337 3071->3062 3077 403302 3073->3077 3078 403366 3073->3078 3076 405f2d 5 API calls 3075->3076 3079 40347b 3076->3079 3227 405775 3077->3227 3243 4053e9 3078->3243 3082 405f2d 5 API calls 3079->3082 3085 403484 3082->3085 3094 403492 GetCurrentProcess 3085->3094 3103 4034a2 3085->3103 3086 403387 lstrcatA lstrcmpiA 3086->3062 3089 4033a3 3086->3089 3087 40337c lstrcatA 3087->3086 3088 405f2d 5 API calls 3104 4034d9 3088->3104 3091 4033a8 3089->3091 3092 4033af 3089->3092 3246 40534f CreateDirectoryA 3091->3246 3251 4053cc CreateDirectoryA 3092->3251 3093 40331c 3242 405ba1 lstrcpynA 3093->3242 3094->3103 3095 4034ee ExitWindowsEx 3095->3066 3101 4034fb 3095->3101 3170 4035f4 3100->3170 3105 40140b 2 API calls 3101->3105 3102 4033b4 SetCurrentDirectoryA 3106 4033c3 3102->3106 3107 4033ce 3102->3107 3103->3088 3104->3095 3104->3101 
3105->3066 3254 405ba1 lstrcpynA 3106->3254 3255 405ba1 lstrcpynA 3107->3255 3110 405bc3 18 API calls 3111 4033fe DeleteFileA 3110->3111 3112 40340b CopyFileA 3111->3112 3118 4033dc 3111->3118 3112->3118 3113 403453 3115 4058ef 40 API calls 3113->3115 3116 40345a 3115->3116 3116->3062 3117 405bc3 18 API calls 3117->3118 3118->3110 3118->3113 3118->3117 3120 40343f CloseHandle 3118->3120 3256 4058ef 3118->3256 3282 405401 CreateProcessA 3118->3282 3120->3118 3122 405ee5 wsprintfA LoadLibraryA 3121->3122 3122->3033 3125 405f53 GetProcAddress 3124->3125 3126 405f49 3124->3126 3128 403179 3125->3128 3127 405ec3 3 API calls 3126->3127 3129 405f4f 3127->3129 3128->3040 3129->3125 3129->3128 3130->3043 3131->3045 3133 405e03 5 API calls 3132->3133 3134 4030e8 3133->3134 3135 4030f2 3134->3135 3285 405694 lstrlenA CharPrevA 3134->3285 3135->3052 3138 4053cc 2 API calls 3139 403100 3138->3139 3140 4058a7 2 API calls 3139->3140 3141 40310b 3140->3141 3141->3052 3288 405878 GetFileAttributesA CreateFileA 3142->3288 3144 402c78 3169 402c88 3144->3169 3289 405ba1 lstrcpynA 3144->3289 3146 402c9e 3290 4056db lstrlenA 3146->3290 3150 402caf GetFileSize 3151 402dab 3150->3151 3163 402cc6 3150->3163 3297 402bd4 3151->3297 3153 402db4 3155 402de4 GlobalAlloc 3153->3155 3153->3169 3330 4030c5 SetFilePointer 3153->3330 3308 4030c5 SetFilePointer 3155->3308 3157 402e17 3161 402bd4 6 API calls 3157->3161 3159 402dcd 3162 403093 ReadFile 3159->3162 3160 402dff 3309 402e71 3160->3309 3161->3169 3165 402dd8 3162->3165 3163->3151 3163->3157 3166 402bd4 6 API calls 3163->3166 3163->3169 3295 403093 ReadFile 3163->3295 3165->3155 3165->3169 3166->3163 3167 402e0b 3167->3167 3168 402e48 SetFilePointer 3167->3168 3167->3169 3168->3169 3169->3061 3171 405f2d 5 API calls 3170->3171 3172 403608 3171->3172 3173 403620 3172->3173 3174 40360e 3172->3174 3175 405a88 3 API calls 3173->3175 3345 405aff wsprintfA 3174->3345 3176 403641 3175->3176 3177 40365f lstrcatA 3176->3177 3179 405a88 3 API calls 
3176->3179 3180 40361e 3177->3180 3179->3177 3336 4038bd 3180->3336 3183 405775 18 API calls 3184 403691 3183->3184 3185 40371a 3184->3185 3187 405a88 3 API calls 3184->3187 3186 405775 18 API calls 3185->3186 3188 403720 3186->3188 3190 4036bd 3187->3190 3189 403730 LoadImageA 3188->3189 3191 405bc3 18 API calls 3188->3191 3192 4037e4 3189->3192 3193 40375b RegisterClassA 3189->3193 3190->3185 3194 4036d9 lstrlenA 3190->3194 3197 4056bf CharNextA 3190->3197 3191->3189 3196 40140b 2 API calls 3192->3196 3195 403797 SystemParametersInfoA CreateWindowExA 3193->3195 3225 4037ee 3193->3225 3198 4036e7 lstrcmpiA 3194->3198 3199 40370d 3194->3199 3195->3192 3200 4037ea 3196->3200 3201 4036d7 3197->3201 3198->3199 3202 4036f7 GetFileAttributesA 3198->3202 3203 405694 3 API calls 3199->3203 3205 4038bd 19 API calls 3200->3205 3200->3225 3201->3194 3204 403703 3202->3204 3206 403713 3203->3206 3204->3199 3207 4056db 2 API calls 3204->3207 3208 4037fb 3205->3208 3346 405ba1 lstrcpynA 3206->3346 3207->3199 3210 403807 ShowWindow 3208->3210 3211 40388a 3208->3211 3213 405ec3 3 API calls 3210->3213 3212 404f5f 5 API calls 3211->3212 3214 403890 3212->3214 3215 40381f 3213->3215 3216 403894 3214->3216 3217 4038ac 3214->3217 3218 40382d GetClassInfoA 3215->3218 3220 405ec3 3 API calls 3215->3220 3224 40140b 2 API calls 3216->3224 3216->3225 3219 40140b 2 API calls 3217->3219 3221 403841 GetClassInfoA RegisterClassA 3218->3221 3222 403857 DialogBoxParamA 3218->3222 3219->3225 3220->3218 3221->3222 3223 40140b 2 API calls 3222->3223 3223->3225 3224->3225 3225->3071 3226->3050 3348 405ba1 lstrcpynA 3227->3348 3229 405786 3349 405728 CharNextA CharNextA 3229->3349 3232 40330d 3232->3062 3241 405ba1 lstrcpynA 3232->3241 3233 405e03 5 API calls 3239 40579c 3233->3239 3234 4057c7 lstrlenA 3235 4057d2 3234->3235 3234->3239 3236 405694 3 API calls 3235->3236 3238 4057d7 GetFileAttributesA 3236->3238 3238->3232 3239->3232 3239->3234 3240 4056db 2 API calls 3239->3240 3355 405e9c 
FindFirstFileA 3239->3355 3240->3234 3241->3093 3242->3100 3244 405f2d 5 API calls 3243->3244 3245 40336b lstrcatA 3244->3245 3245->3086 3245->3087 3247 4053a0 GetLastError 3246->3247 3248 4033ad 3246->3248 3247->3248 3249 4053af SetFileSecurityA 3247->3249 3248->3102 3249->3248 3250 4053c5 GetLastError 3249->3250 3250->3248 3252 4053e0 GetLastError 3251->3252 3253 4053dc 3251->3253 3252->3253 3253->3102 3254->3107 3255->3118 3257 405f2d 5 API calls 3256->3257 3258 4058fa 3257->3258 3259 405957 GetShortPathNameA 3258->3259 3260 405a4c 3258->3260 3358 405878 GetFileAttributesA CreateFileA 3258->3358 3259->3260 3261 40596c 3259->3261 3260->3118 3261->3260 3263 405974 wsprintfA 3261->3263 3265 405bc3 18 API calls 3263->3265 3264 40593b CloseHandle GetShortPathNameA 3264->3260 3266 40594f 3264->3266 3267 40599c 3265->3267 3266->3259 3266->3260 3359 405878 GetFileAttributesA CreateFileA 3267->3359 3269 4059a9 3269->3260 3270 4059b8 GetFileSize GlobalAlloc 3269->3270 3271 405a45 CloseHandle 3270->3271 3272 4059d6 ReadFile 3270->3272 3271->3260 3272->3271 3273 4059ea 3272->3273 3273->3271 3360 4057ed lstrlenA 3273->3360 3276 405a59 3278 4057ed 4 API calls 3276->3278 3277 4059ff 3365 405ba1 lstrcpynA 3277->3365 3280 405a0d 3278->3280 3281 405a20 SetFilePointer WriteFile GlobalFree 3280->3281 3281->3271 3283 405430 CloseHandle 3282->3283 3284 40543c 3282->3284 3283->3284 3284->3118 3286 4030fa 3285->3286 3287 4056ae lstrcatA 3285->3287 3286->3138 3287->3286 3288->3144 3289->3146 3291 4056e8 3290->3291 3292 402ca4 3291->3292 3293 4056ed CharPrevA 3291->3293 3294 405ba1 lstrcpynA 3292->3294 3293->3291 3293->3292 3294->3150 3296 4030b4 3295->3296 3296->3163 3298 402bf5 3297->3298 3299 402bdd 3297->3299 3300 402c05 GetTickCount 3298->3300 3301 402bfd 3298->3301 3302 402be6 DestroyWindow 3299->3302 3303 402bed 3299->3303 3305 402c13 CreateDialogParamA ShowWindow 3300->3305 3306 402c36 3300->3306 3331 405f69 3301->3331 3302->3303 3303->3153 3305->3306 3306->3153 3308->3160 3310 
402e87 3309->3310 3311 402eb5 3310->3311 3335 4030c5 SetFilePointer 3310->3335 3313 403093 ReadFile 3311->3313 3314 402ec0 3313->3314 3315 402ed2 GetTickCount 3314->3315 3316 403027 3314->3316 3317 403012 3314->3317 3315->3317 3326 402f21 3315->3326 3318 40302b 3316->3318 3319 403043 3316->3319 3317->3167 3321 403093 ReadFile 3318->3321 3319->3317 3322 403093 ReadFile 3319->3322 3323 40305e WriteFile 3319->3323 3320 403093 ReadFile 3320->3326 3321->3317 3322->3319 3323->3317 3324 403073 3323->3324 3324->3317 3324->3319 3325 402f77 GetTickCount 3325->3326 3326->3317 3326->3320 3326->3325 3327 402f9c MulDiv wsprintfA 3326->3327 3328 402fda WriteFile 3326->3328 3329 404e8d 25 API calls 3327->3329 3328->3317 3328->3326 3329->3326 3330->3159 3332 405f86 PeekMessageA 3331->3332 3333 402c03 3332->3333 3334 405f7c DispatchMessageA 3332->3334 3333->3153 3334->3332 3335->3311 3337 4038d1 3336->3337 3347 405aff wsprintfA 3337->3347 3339 403942 3340 405bc3 18 API calls 3339->3340 3341 40394e SetWindowTextA 3340->3341 3342 40366f 3341->3342 3343 40396a 3341->3343 3342->3183 3343->3342 3344 405bc3 18 API calls 3343->3344 3344->3343 3345->3180 3346->3185 3347->3339 3348->3229 3350 405742 3349->3350 3354 40574e 3349->3354 3352 405749 CharNextA 3350->3352 3350->3354 3351 40576b 3351->3232 3351->3233 3352->3351 3353 4056bf CharNextA 3353->3354 3354->3351 3354->3353 3356 405eb2 FindClose 3355->3356 3357 405ebd 3355->3357 3356->3357 3357->3239 3358->3264 3359->3269 3361 405823 lstrlenA 3360->3361 3362 405801 lstrcmpiA 3361->3362 3363 40582d 3361->3363 3362->3363 3364 40581a CharNextA 3362->3364 3363->3276 3363->3277 3364->3361 3365->3280 3366 40190d 3367 40190f 3366->3367 3368 402a0c 18 API calls 3367->3368 3369 401914 3368->3369 3372 4054c6 3369->3372 3373 405775 18 API calls 3372->3373 3374 4054da 3373->3374 3375 4054e3 DeleteFileA 3374->3375 3376 4054fa 3374->3376 3377 40191d 3375->3377 3378 40562f 3376->3378 3413 405ba1 lstrcpynA 3376->3413 3378->3377 3383 405e9c 2 API calls 
3378->3383 3380 405524 3381 405535 3380->3381 3382 405528 lstrcatA 3380->3382 3385 4056db 2 API calls 3381->3385 3384 40553b 3382->3384 3387 405654 3383->3387 3386 405549 lstrcatA 3384->3386 3388 405554 lstrlenA FindFirstFileA 3384->3388 3385->3384 3386->3388 3387->3377 3389 405694 3 API calls 3387->3389 3388->3378 3392 405578 3388->3392 3391 40565e 3389->3391 3390 4056bf CharNextA 3390->3392 3393 405859 2 API calls 3391->3393 3392->3390 3398 40560e FindNextFileA 3392->3398 3406 4054c6 61 API calls 3392->3406 3409 404e8d 25 API calls 3392->3409 3412 4055ec 3392->3412 3414 405ba1 lstrcpynA 3392->3414 3415 405859 GetFileAttributesA 3392->3415 3394 405664 RemoveDirectoryA 3393->3394 3395 405686 3394->3395 3396 40566f 3394->3396 3397 404e8d 25 API calls 3395->3397 3396->3377 3400 405675 3396->3400 3397->3377 3398->3392 3401 405626 FindClose 3398->3401 3402 404e8d 25 API calls 3400->3402 3401->3378 3403 40567d 3402->3403 3404 4058ef 40 API calls 3403->3404 3407 405684 3404->3407 3406->3392 3407->3377 3409->3398 3410 404e8d 25 API calls 3410->3412 3411 4058ef 40 API calls 3411->3412 3412->3398 3412->3410 3412->3411 3413->3380 3414->3392 3416 4055db DeleteFileA 3415->3416 3417 405868 SetFileAttributesA 3415->3417 3416->3392 3417->3416 3833 401490 3834 404e8d 25 API calls 3833->3834 3835 401497 3834->3835 3836 402611 3837 4028a1 3836->3837 3838 402618 3836->3838 3839 40261e FindClose 3838->3839 3839->3837 3840 402692 3841 402a0c 18 API calls 3840->3841 3842 4026a0 3841->3842 3843 4026b6 3842->3843 3844 402a0c 18 API calls 3842->3844 3845 405859 2 API calls 3843->3845 3844->3843 3846 4026bc 3845->3846 3866 405878 GetFileAttributesA CreateFileA 3846->3866 3848 4026c9 3849 402772 3848->3849 3850 4026d5 GlobalAlloc 3848->3850 3851 40277a DeleteFileA 3849->3851 3852 40278d 3849->3852 3853 402769 CloseHandle 3850->3853 3854 4026ee 3850->3854 3851->3852 3853->3849 3867 4030c5 SetFilePointer 3854->3867 3856 4026f4 3857 403093 ReadFile 3856->3857 3858 4026fd GlobalAlloc 3857->3858 
3859 402741 WriteFile GlobalFree 3858->3859 3860 40270d 3858->3860 3862 402e71 33 API calls 3859->3862 3861 402e71 33 API calls 3860->3861 3865 40271a 3861->3865 3863 402766 3862->3863 3863->3853 3864 402738 GlobalFree 3864->3859 3865->3864 3866->3848 3867->3856 3868 402793 3869 4029ef 18 API calls 3868->3869 3870 402799 3869->3870 3871 4027d4 3870->3871 3872 4027bd 3870->3872 3878 402672 3870->3878 3873 4027ea 3871->3873 3874 4027de 3871->3874 3875 4027c2 3872->3875 3881 4027d1 3872->3881 3877 405bc3 18 API calls 3873->3877 3876 4029ef 18 API calls 3874->3876 3882 405ba1 lstrcpynA 3875->3882 3876->3881 3877->3881 3881->3878 3883 405aff wsprintfA 3881->3883 3882->3878 3883->3878 3500 401d95 3501 4029ef 18 API calls 3500->3501 3502 401d9b 3501->3502 3503 4029ef 18 API calls 3502->3503 3504 401da4 3503->3504 3505 401db6 EnableWindow 3504->3505 3506 401dab ShowWindow 3504->3506 3507 4028a1 3505->3507 3506->3507 3884 401595 3885 402a0c 18 API calls 3884->3885 3886 40159c SetFileAttributesA 3885->3886 3887 4015ae 3886->3887 3888 401e95 3889 402a0c 18 API calls 3888->3889 3890 401e9c 3889->3890 3891 405e9c 2 API calls 3890->3891 3892 401ea2 3891->3892 3894 401eb4 3892->3894 3895 405aff wsprintfA 3892->3895 3895->3894 3896 401696 3897 402a0c 18 API calls 3896->3897 3898 40169c GetFullPathNameA 3897->3898 3899 4016b3 3898->3899 3905 4016d4 3898->3905 3901 405e9c 2 API calls 3899->3901 3899->3905 3900 4016e8 GetShortPathNameA 3903 4028a1 3900->3903 3902 4016c4 3901->3902 3902->3905 3906 405ba1 lstrcpynA 3902->3906 3905->3900 3905->3903 3906->3905 3907 402319 3908 40231f 3907->3908 3909 402a0c 18 API calls 3908->3909 3910 402331 3909->3910 3911 402a0c 18 API calls 3910->3911 3912 40233b RegCreateKeyExA 3911->3912 3913 4028a1 3912->3913 3914 402365 3912->3914 3915 40237d 3914->3915 3916 402a0c 18 API calls 3914->3916 3917 402389 3915->3917 3919 4029ef 18 API calls 3915->3919 3918 402376 lstrlenA 3916->3918 3920 4023a4 RegSetValueExA 3917->3920 3921 402e71 33 API calls 
3917->3921 3918->3915 3919->3917 3922 4023ba RegCloseKey 3920->3922 3921->3920 3922->3913 3924 402819 3925 4029ef 18 API calls 3924->3925 3926 40281f 3925->3926 3927 402850 3926->3927 3929 40282d 3926->3929 3930 402672 3926->3930 3928 405bc3 18 API calls 3927->3928 3927->3930 3928->3930 3929->3930 3932 405aff wsprintfA 3929->3932 3932->3930 3513 40351a 3514 403532 3513->3514 3515 403524 CloseHandle 3513->3515 3520 40355f 3514->3520 3515->3514 3518 4054c6 70 API calls 3519 403543 3518->3519 3521 40356d 3520->3521 3522 403537 3521->3522 3523 403572 FreeLibrary GlobalFree 3521->3523 3522->3518 3523->3522 3523->3523 3524 401e1b 3525 402a0c 18 API calls 3524->3525 3526 401e21 3525->3526 3527 404e8d 25 API calls 3526->3527 3528 401e2b 3527->3528 3529 405401 2 API calls 3528->3529 3530 401e31 3529->3530 3531 401e87 FindCloseChangeNotification 3530->3531 3532 402672 3530->3532 3533 401e50 WaitForSingleObject 3530->3533 3535 405f69 2 API calls 3530->3535 3531->3532 3533->3530 3534 401e5e GetExitCodeProcess 3533->3534 3536 401e70 3534->3536 3537 401e79 3534->3537 3535->3533 3539 405aff wsprintfA 3536->3539 3537->3531 3539->3537 3933 401d1b GetDC GetDeviceCaps 3934 4029ef 18 API calls 3933->3934 3935 401d37 MulDiv 3934->3935 3936 4029ef 18 API calls 3935->3936 3937 401d4c 3936->3937 3938 405bc3 18 API calls 3937->3938 3939 401d85 CreateFontIndirectA 3938->3939 3940 4024ce 3939->3940 3941 40429b 3942 4042c7 3941->3942 3943 4042d8 3941->3943 4002 405446 GetDlgItemTextA 3942->4002 3944 4042e4 GetDlgItem 3943->3944 3950 404343 3943->3950 3947 4042f8 3944->3947 3946 4042d2 3948 405e03 5 API calls 3946->3948 3949 40430c SetWindowTextA 3947->3949 3953 405728 4 API calls 3947->3953 3948->3943 3954 403e5d 19 API calls 3949->3954 3955 405bc3 18 API calls 3950->3955 3963 404427 3950->3963 4000 4045d1 3950->4000 3952 403ec4 8 API calls 3957 4045e5 3952->3957 3958 404302 3953->3958 3959 404328 3954->3959 3960 4043b7 SHBrowseForFolderA 3955->3960 3956 404457 3961 405775 18 API calls 
3956->3961 3958->3949 3966 405694 3 API calls 3958->3966 3962 403e5d 19 API calls 3959->3962 3960->3963 3964 4043cf CoTaskMemFree 3960->3964 3965 40445d 3961->3965 3967 404336 3962->3967 3963->4000 4004 405446 GetDlgItemTextA 3963->4004 3968 405694 3 API calls 3964->3968 4005 405ba1 lstrcpynA 3965->4005 3966->3949 4003 403e92 SendMessageA 3967->4003 3970 4043dc 3968->3970 3973 404413 SetDlgItemTextA 3970->3973 3977 405bc3 18 API calls 3970->3977 3972 40433c 3975 405f2d 5 API calls 3972->3975 3973->3963 3974 404474 3976 405f2d 5 API calls 3974->3976 3975->3950 3984 40447b 3976->3984 3978 4043fb lstrcmpiA 3977->3978 3978->3973 3980 40440c lstrcatA 3978->3980 3979 4044b7 4006 405ba1 lstrcpynA 3979->4006 3980->3973 3982 4044be 3983 405728 4 API calls 3982->3983 3985 4044c4 GetDiskFreeSpaceA 3983->3985 3984->3979 3988 4056db 2 API calls 3984->3988 3990 40450f 3984->3990 3987 4044e8 MulDiv 3985->3987 3985->3990 3987->3990 3988->3984 3989 404580 3992 4045a3 3989->3992 3994 40140b 2 API calls 3989->3994 3990->3989 3991 404717 21 API calls 3990->3991 3993 40456d 3991->3993 4007 403e7f KiUserCallbackDispatcher 3992->4007 3995 404582 SetDlgItemTextA 3993->3995 3996 404572 3993->3996 3994->3992 3995->3989 3998 404652 21 API calls 3996->3998 3998->3989 3999 4045bf 3999->4000 4008 404230 3999->4008 4000->3952 4002->3946 4003->3972 4004->3956 4005->3974 4006->3982 4007->3999 4009 404243 SendMessageA 4008->4009 4010 40423e 4008->4010 4009->4000 4010->4009 3543 40251c 3544 4029ef 18 API calls 3543->3544 3546 402526 3544->3546 3545 40255a ReadFile 3545->3546 3550 40259c 3545->3550 3546->3545 3547 40259e 3546->3547 3548 4025ae 3546->3548 3546->3550 3552 405aff wsprintfA 3547->3552 3548->3550 3551 4025c4 SetFilePointer 3548->3551 3551->3550 3552->3550 2804 401721 2805 402a0c 18 API calls 2804->2805 2806 401728 2805->2806 2810 4058a7 2806->2810 2808 40172f 2809 4058a7 2 API calls 2808->2809 2809->2808 2811 4058b2 GetTickCount GetTempFileNameA 2810->2811 2812 4058e2 2811->2812 2813 
4058de 2811->2813 2812->2808 2813->2811 2813->2812 4011 401922 4012 402a0c 18 API calls 4011->4012 4013 401929 lstrlenA 4012->4013 4014 4024ce 4013->4014 4014->4014 4015 403fa5 4016 403fbb 4015->4016 4024 4040c8 4015->4024 4020 403e5d 19 API calls 4016->4020 4017 404137 4018 404141 GetDlgItem 4017->4018 4019 40420b 4017->4019 4022 404157 4018->4022 4023 4041c9 4018->4023 4025 403ec4 8 API calls 4019->4025 4021 404011 4020->4021 4026 403e5d 19 API calls 4021->4026 4022->4023 4030 40417d 6 API calls 4022->4030 4023->4019 4031 4041db 4023->4031 4024->4017 4024->4019 4027 40410c GetDlgItem SendMessageA 4024->4027 4028 404206 4025->4028 4029 40401e CheckDlgButton 4026->4029 4046 403e7f KiUserCallbackDispatcher 4027->4046 4044 403e7f KiUserCallbackDispatcher 4029->4044 4030->4023 4034 4041e1 SendMessageA 4031->4034 4035 4041f2 4031->4035 4034->4035 4035->4028 4039 4041f8 SendMessageA 4035->4039 4036 404132 4037 404230 SendMessageA 4036->4037 4037->4017 4038 40403c GetDlgItem 4045 403e92 SendMessageA 4038->4045 4039->4028 4041 404052 SendMessageA 4042 404070 GetSysColor 4041->4042 4043 404079 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4041->4043 4042->4043 4043->4028 4044->4038 4045->4041 4046->4036 4047 401ca5 4048 4029ef 18 API calls 4047->4048 4049 401cb5 SetWindowLongA 4048->4049 4050 4028a1 4049->4050 4051 401a26 4052 4029ef 18 API calls 4051->4052 4053 401a2c 4052->4053 4054 4029ef 18 API calls 4053->4054 4055 4019d6 4054->4055 4056 40262b 4057 402646 4056->4057 4058 40262e 4056->4058 4059 4027cc 4057->4059 4062 405ba1 lstrcpynA 4057->4062 4060 40263b FindNextFileA 4058->4060 4060->4057 4062->4059 3418 401bad 3419 4029ef 18 API calls 3418->3419 3420 401bb4 3419->3420 3421 4029ef 18 API calls 3420->3421 3422 401bbe 3421->3422 3423 401bce 3422->3423 3424 402a0c 18 API calls 3422->3424 3425 401bde 3423->3425 3426 402a0c 18 API calls 3423->3426 3424->3423 3427 401be9 3425->3427 3428 401c2d 3425->3428 3426->3425 3430 4029ef 18 API calls 3427->3430 3429 
402a0c 18 API calls 3428->3429 3431 401c32 3429->3431 3432 401bee 3430->3432 3433 402a0c 18 API calls 3431->3433 3434 4029ef 18 API calls 3432->3434 3436 401c3b FindWindowExA 3433->3436 3435 401bf7 3434->3435 3437 401c1d SendMessageA 3435->3437 3438 401bff SendMessageTimeoutA 3435->3438 3439 401c59 3436->3439 3437->3439 3438->3439 4063 4024b2 4064 402a0c 18 API calls 4063->4064 4065 4024b9 4064->4065 4068 405878 GetFileAttributesA CreateFileA 4065->4068 4067 4024c5 4068->4067 4069 4035b2 4070 4035bd 4069->4070 4071 4035c4 GlobalAlloc 4070->4071 4072 4035c1 4070->4072 4071->4072 3440 4015b3 3441 402a0c 18 API calls 3440->3441 3442 4015ba 3441->3442 3443 405728 4 API calls 3442->3443 3450 4015c2 3443->3450 3444 40160a 3445 40160f 3444->3445 3449 40162d 3444->3449 3448 401423 25 API calls 3445->3448 3446 4056bf CharNextA 3447 4015d0 CreateDirectoryA 3446->3447 3447->3450 3451 4015e5 GetLastError 3447->3451 3453 401616 3448->3453 3452 401423 25 API calls 3449->3452 3450->3444 3450->3446 3451->3450 3454 4015f2 GetFileAttributesA 3451->3454 3457 40217f 3452->3457 3458 405ba1 lstrcpynA 3453->3458 3454->3450 3456 401621 SetCurrentDirectoryA 3456->3457 3458->3456 3459 401734 3460 402a0c 18 API calls 3459->3460 3461 40173b 3460->3461 3462 401761 3461->3462 3463 401759 3461->3463 3499 405ba1 lstrcpynA 3462->3499 3498 405ba1 lstrcpynA 3463->3498 3466 40175f 3469 405e03 5 API calls 3466->3469 3467 40176c 3468 405694 3 API calls 3467->3468 3470 401772 lstrcatA 3468->3470 3472 40177e 3469->3472 3470->3466 3471 405e9c 2 API calls 3471->3472 3472->3471 3473 405859 2 API calls 3472->3473 3475 401795 CompareFileTime 3472->3475 3476 401859 3472->3476 3478 401830 3472->3478 3479 405ba1 lstrcpynA 3472->3479 3485 405bc3 18 API calls 3472->3485 3494 405462 MessageBoxIndirectA 3472->3494 3497 405878 GetFileAttributesA CreateFileA 3472->3497 3473->3472 3475->3472 3477 404e8d 25 API calls 3476->3477 3480 401863 3477->3480 3481 404e8d 25 API calls 3478->3481 3487 401845 3478->3487 3479->3472 
3482 402e71 33 API calls 3480->3482 3481->3487 3483 401876 3482->3483 3484 40188a SetFileTime 3483->3484 3486 40189c FindCloseChangeNotification 3483->3486 3484->3486 3485->3472 3486->3487 3488 4018ad 3486->3488 3489 4018b2 3488->3489 3490 4018c5 3488->3490 3491 405bc3 18 API calls 3489->3491 3492 405bc3 18 API calls 3490->3492 3495 4018ba lstrcatA 3491->3495 3493 4018cd 3492->3493 3496 405462 MessageBoxIndirectA 3493->3496 3494->3472 3495->3493 3496->3487 3497->3472 3498->3466 3499->3467 4073 401634 4074 402a0c 18 API calls 4073->4074 4075 40163a 4074->4075 4076 405e9c 2 API calls 4075->4076 4077 401640 4076->4077 4078 401934 4079 4029ef 18 API calls 4078->4079 4080 40193b 4079->4080 4081 4029ef 18 API calls 4080->4081 4082 401945 4081->4082 4083 402a0c 18 API calls 4082->4083 4084 40194e 4083->4084 4085 401961 lstrlenA 4084->4085 4090 40199c 4084->4090 4086 40196b 4085->4086 4086->4090 4091 405ba1 lstrcpynA 4086->4091 4088 401985 4089 401992 lstrlenA 4088->4089 4088->4090 4089->4090 4091->4088 4092 4019b5 4093 402a0c 18 API calls 4092->4093 4094 4019bc 4093->4094 4095 402a0c 18 API calls 4094->4095 4096 4019c5 4095->4096 4097 4019cc lstrcmpiA 4096->4097 4098 4019de lstrcmpA 4096->4098 4099 4019d2 4097->4099 4098->4099 4100 402036 4101 402a0c 18 API calls 4100->4101 4102 40203d 4101->4102 4103 402a0c 18 API calls 4102->4103 4104 402047 4103->4104 4105 402a0c 18 API calls 4104->4105 4106 402050 4105->4106 4107 402a0c 18 API calls 4106->4107 4108 40205a 4107->4108 4109 402a0c 18 API calls 4108->4109 4110 402064 4109->4110 4111 402078 CoCreateInstance 4110->4111 4112 402a0c 18 API calls 4110->4112 4115 402097 4111->4115 4116 40214d 4111->4116 4112->4111 4113 401423 25 API calls 4114 40217f 4113->4114 4115->4116 4117 40212c MultiByteToWideChar 4115->4117 4116->4113 4116->4114 4117->4116 4118 4014b7 4119 4014bd 4118->4119 4120 401389 2 API calls 4119->4120 4121 4014c5 4120->4121 4122 402239 4123 402241 4122->4123 4124 402247 4122->4124 4126 402a0c 18 API calls 
4123->4126 4125 402257 4124->4125 4127 402a0c 18 API calls 4124->4127 4128 402265 4125->4128 4129 402a0c 18 API calls 4125->4129 4126->4124 4127->4125 4130 402a0c 18 API calls 4128->4130 4129->4128 4131 40226e WritePrivateProfileStringA 4130->4131 4132 40243d 4133 402b16 19 API calls 4132->4133 4134 402447 4133->4134 4135 4029ef 18 API calls 4134->4135 4136 402450 4135->4136 4137 402473 RegEnumValueA 4136->4137 4138 402467 RegEnumKeyA 4136->4138 4140 402672 4136->4140 4139 40248c RegCloseKey 4137->4139 4137->4140 4138->4139 4139->4140 4142 4022bd 4143 4022c2 4142->4143 4144 4022ed 4142->4144 4145 402b16 19 API calls 4143->4145 4146 402a0c 18 API calls 4144->4146 4147 4022c9 4145->4147 4149 4022f4 4146->4149 4148 402a0c 18 API calls 4147->4148 4152 40230a 4147->4152 4150 4022da RegDeleteValueA RegCloseKey 4148->4150 4153 402a4c RegOpenKeyExA 4149->4153 4150->4152 4155 402a77 4153->4155 4161 402ac3 4153->4161 4154 402a9d RegEnumKeyA 4154->4155 4156 402aaf RegCloseKey 4154->4156 4155->4154 4155->4156 4158 402ad4 RegCloseKey 4155->4158 4159 402a4c 5 API calls 4155->4159 4157 405f2d 5 API calls 4156->4157 4160 402abf 4157->4160 4158->4161 4159->4155 4160->4161 4162 402aef RegDeleteKeyA 4160->4162 4161->4152 4162->4161

Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetErrorMode.KERNEL32 ref: 00403131
                                                                                                                                                                                                                                                    • GetVersion.KERNEL32 ref: 00403137
                                                                                                                                                                                                                                                    • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00403185
                                                                                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040318C
                                                                                                                                                                                                                                                    • SHGetFileInfoA.SHELL32(00429078,00000000,?,00000160,00000000), ref: 004031A8
                                                                                                                                                                                                                                                    • GetCommandLineA.KERNEL32(Fast! Setup,NSIS Error), ref: 004031BD
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Setup (1).exe",00000000), ref: 004031D0
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Setup (1).exe",00409188), ref: 004031FB
                                                                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040328E
                                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032A3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032AF
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(1033), ref: 004032C2
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0040333B
                                                                                                                                                                                                                                                    • OleUninitialize.OLE32(00000000), ref: 00403340
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403360
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 00403373
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 00403382
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Setup (1).exe",00000000,00000000), ref: 0040338D
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 00403399
                                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033B5
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(00428C78,00428C78,?,C:\Users\user\AppData\Local\Temp\nso119A.tmp,?), ref: 004033FF
                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(C:\Users\user\Desktop\Setup (1).exe,00428C78,00000001), ref: 00403413
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00428C78,00428C78,?,00428C78,00000000), ref: 00403440
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403499
                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 004034F1
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403514
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                                                                                                                                                                                                                                    • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Setup (1).exe"$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nso119A.tmp$C:\Users\user\Desktop$C:\Users\user\Desktop\Setup (1).exe$Error launching installer$Fast! Setup$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                    • API String ID: 2193684524-899999036
                                                                                                                                                                                                                                                    • Opcode ID: efbb3eae5aa99f274589bdc9860b71f913c988c5d0d561142775f82ee96160fe
                                                                                                                                                                                                                                                    • Instruction ID: 451575da7f46b68c591153a14feb1e54add6b468c03afba2ffefeba693a227d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: efbb3eae5aa99f274589bdc9860b71f913c988c5d0d561142775f82ee96160fe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55A1E3705083416AE7216F629C4AF6B7EACEB4570AF04047FF541B61D2CB7C9A058A6F
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040502A
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00405039
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00405076
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 0040507E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040509F
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050B0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050C3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050D1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050E4
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405106
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040511A
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040513B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040514B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405164
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405170
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405048
                                                                                                                                                                                                                                                      • Part of subcall function 00403E92: SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040518D
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00004F5F,00000000), ref: 0040519B
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004051A2
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004051C6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00020426,00000008), ref: 004051CB
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405212
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00020426,00001004,00000000,00000000), ref: 00405244
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405255
                                                                                                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040526A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00020426,?), ref: 0040527D
                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052A1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052DC
                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 004052EC
                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 004052F2
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052FB
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405305
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405319
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405331
                                                                                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 0040533C
                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00405342
Memory Dump Source
• Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                    • String ID: <[p${
                                                                                                                                                                                                                                                    • API String ID: 590372296-3694201723
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004054E4
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040552E
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040554F
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405555
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405566
                                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405618
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00405629
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsd4724.tmp\*.*$\*.*
                                                                                                                                                                                                                                                    • API String ID: 2035342205-3822458992
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,0042C110,C:\,004057B8,C:\,C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EA7
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405EB3
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                    • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039C6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 004039E3
                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 004039F7
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A13
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00403A34
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A48
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403A4F
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403AFD
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403B07
                                                                                                                                                                                                                                                    • SetClassLongA.USER32(?,000000F2,?), ref: 00403B21
                                                                                                                                                                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B72
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403C18
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403C39
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C4B
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C66
                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C7C
                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00403C83
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C9B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CAE
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042A0C0,?,0042A0C0,Fast! Setup), ref: 00403CD7
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,0042A0C0), ref: 00403CE6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403E1A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                    • String ID: <[p$Fast! Setup
                                                                                                                                                                                                                                                    • API String ID: 1252290697-973406734
                                                                                                                                                                                                                                                    • Opcode ID: e096b93ea5b7783a81310001908940047f79c27f8b6241b5c6e2750e84b113f1
                                                                                                                                                                                                                                                    • Instruction ID: 5f76212842cc3a2ea0064beba359403a4e9feef3dd5448b927816276c7a72de1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e096b93ea5b7783a81310001908940047f79c27f8b6241b5c6e2750e84b113f1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BC1D431604205ABDB216F62ED85D2B3EACFB49706F40053EF541B62E1C739A942DF6E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\Setup (1).exe",00000000), ref: 00403665
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042DBE0,?,?,?,0042DBE0,00000000,C:\Program Files (x86)\Fast!,1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036DA
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe), ref: 004036ED
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(0042DBE0), ref: 004036F8
                                                                                                                                                                                                                                                    • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403741
                                                                                                                                                                                                                                                      • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                                    • RegisterClassA.USER32 ref: 00403788
                                                                                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037A0
                                                                                                                                                                                                                                                    • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D9
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 0040380F
                                                                                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit20A,0042E3E0), ref: 0040383B
                                                                                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit,0042E3E0), ref: 00403848
                                                                                                                                                                                                                                                    • RegisterClassA.USER32(0042E3E0), ref: 00403851
                                                                                                                                                                                                                                                    • DialogBoxParamA.USER32(?,00000000,0040398A,00000000), ref: 00403870
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$elete file: $B
                                                                                                                                                                                                                                                    • API String ID: 1975747703-1297217687
                                                                                                                                                                                                                                                    • Opcode ID: 9dc4455a64ac2445572d32c1471da8ac384815c2cb05422081bc661430fef34c
                                                                                                                                                                                                                                                    • Instruction ID: 069ef0fb9a42e1b4956c000ddcdb280bce5473b1ca4ea0d36e0de5988d82752f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9dc4455a64ac2445572d32c1471da8ac384815c2cb05422081bc661430fef34c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE61D8B16442007FD220AFA69C45F273A6CEB44749F44457FF940B32D1CA7DA9018A7E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C49
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Setup (1).exe,00000400), ref: 00402C65
                                                                                                                                                                                                                                                      • Part of subcall function 00405878: GetFileAttributesA.KERNEL32(00000003,00402C78,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                      • Part of subcall function 00405878: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 00402CB1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00402C88
                                                                                                                                                                                                                                                    • "C:\Users\user\Desktop\Setup (1).exe", xrefs: 00402C38
                                                                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E10
                                                                                                                                                                                                                                                    • C:\Users\user\Desktop\Setup (1).exe, xrefs: 00402C4F, 00402C5E, 00402C72, 00402C92
                                                                                                                                                                                                                                                    • Null, xrefs: 00402D2F
                                                                                                                                                                                                                                                    • C:\Users\user\Desktop, xrefs: 00402C93, 00402C98, 00402C9E
                                                                                                                                                                                                                                                    • Inst, xrefs: 00402D1D
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C42
                                                                                                                                                                                                                                                    • soft, xrefs: 00402D26
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Setup (1).exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                                    • API String ID: 4283519449-1247957078
                                                                                                                                                                                                                                                    • Opcode ID: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                                    • Instruction ID: d5d64c7dde767481ec9b836f5bb8cc7fe4476435a14377af370c0b56c56fa9d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52dd5125f2beb4c5a01725ee1ecfb7cda6383a0ef784e60b7ebdc9a7c5e8d2b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B51D971901214ABDB219FA6DE89B9E7BB8FB40354F10413BF900B62D1D7BC9D418B9D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph not reproduced: nodes 499-559, first block 405bc3-405bce. Legend: Executed, Not Executed.]
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersion.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,00404EC5,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000), ref: 00405C6B
                                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CE6
                                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CF9
                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,0041B668), ref: 00405D35
                                                                                                                                                                                                                                                    • SHGetPathFromIDListA.SHELL32(0041B668,0042DBE0), ref: 00405D43
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(0041B668), ref: 00405D4E
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(0042DBE0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D70
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042DBE0,00000000,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,00404EC5,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000), ref: 00405DC2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsd4724.tmp\, xrefs: 00405BF4
                                                                                                                                                                                                                                                    • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D6A
                                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CB5
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nso119A.tmp, xrefs: 00405D9A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\$C:\Users\user\AppData\Local\Temp\nso119A.tmp$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                    • API String ID: 900638850-3482342261
                                                                                                                                                                                                                                                    • Opcode ID: ed8c6b9eda11198c9f487f793d8048b2266bdc298f04fd86fca6ea968bbf239d
                                                                                                                                                                                                                                                    • Instruction ID: fa1e0b9f47c9474f0aa02006464afd466a30f7754b548aa089decd5b8df859b0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ed8c6b9eda11198c9f487f793d8048b2266bdc298f04fd86fca6ea968bbf239d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8512531A04A15ABEB205B698C88BBB3B64DF11314F54827BE511BA2D0D37C5942DF4E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph not reproduced: nodes 560-619, first block 402e71-402e85. Legend: Executed, Not Executed.]
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402ED8
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402F7F
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FA8
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402FB8
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,0041B668,7FFFFFFF,00000000), ref: 00402FE6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                                    • String ID: ... %d%%$hLA$hLA$vdA
                                                                                                                                                                                                                                                    • API String ID: 4209647438-2367115750
                                                                                                                                                                                                                                                    • Opcode ID: 15830b5729e274ba0f97a3d7cbff5ebb3cba57926562ea921e29536335055c53
                                                                                                                                                                                                                                                    • Instruction ID: 8a95cf2a137d7550cfd21daf0583010478331d15a29cb338fc351ae0d0d0651f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15830b5729e274ba0f97a3d7cbff5ebb3cba57926562ea921e29536335055c53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D261AE7190221AEBDB10DFA5DA44AAF7BB8EB40355F10417BF910B72C4D7789A40CBE9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 620 401734-401757 call 402a0c call 405701 625 401761-401773 call 405ba1 call 405694 lstrcatA 620->625 626 401759-40175f call 405ba1 620->626 631 401778-40177e call 405e03 625->631 626->631 636 401783-401787 631->636 637 401789-401793 call 405e9c 636->637 638 4017ba-4017bd 636->638 645 4017a5-4017b7 637->645 646 401795-4017a3 CompareFileTime 637->646 640 4017c5-4017e1 call 405878 638->640 641 4017bf-4017c0 call 405859 638->641 648 4017e3-4017e6 640->648 649 401859-401882 call 404e8d call 402e71 640->649 641->640 645->638 646->645 651 4017e8-40182a call 405ba1 * 2 call 405bc3 call 405ba1 call 405462 648->651 652 40183b-401845 call 404e8d 648->652 663 401884-401888 649->663 664 40188a-401896 SetFileTime 649->664 651->636 684 401830-401831 651->684 661 40184e-401854 652->661 665 4028aa 661->665 663->664 667 40189c-4018a7 FindCloseChangeNotification 663->667 664->667 669 4028ac-4028b0 665->669 670 4028a1-4028a4 667->670 671 4018ad-4018b0 667->671 670->665 673 4018b2-4018c3 call 405bc3 lstrcatA 671->673 674 4018c5-4018c8 call 405bc3 671->674 678 4018cd-402229 call 405462 673->678 674->678 678->669 687 402672-402679 678->687 684->661 686 401833-401834 684->686 686->652 687->670
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,00000000,00000000,C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                                                                      • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Setup,NSIS Error), ref: 00405BAE
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsd4724.tmp$C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll$C:\Users\user\AppData\Local\Temp\nso119A.tmp$C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe
                                                                                                                                                                                                                                                    • API String ID: 1941528284-3383726187
                                                                                                                                                                                                                                                    • Opcode ID: d4c726461f8bacecb67542b770aac1b9aae46e51f0a493d73483bca620c5ad01
                                                                                                                                                                                                                                                    • Instruction ID: e79ae9243306ab86068bc1e71be5748962656d45b0e0834c5e2f96de839f3da3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4c726461f8bacecb67542b770aac1b9aae46e51f0a493d73483bca620c5ad01
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 71419632914514BADF107BB9CC45EAF3679EF01329B20823BF421F11E1D77C9A418A6E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 688 404e8d-404ea2 689 404f58-404f5c 688->689 690 404ea8-404eba 688->690 691 404ec5-404ed1 lstrlenA 690->691 692 404ebc-404ec0 call 405bc3 690->692 694 404ed3-404ee3 lstrlenA 691->694 695 404eee-404ef2 691->695 692->691 694->689 696 404ee5-404ee9 lstrcatA 694->696 697 404f01-404f05 695->697 698 404ef4-404efb SetWindowTextA 695->698 696->695 699 404f07-404f49 SendMessageA * 3 697->699 700 404f4b-404f4d 697->700 698->697 699->700 700->689 701 404f4f-404f52 700->701 701->689
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\
                                                                                                                                                                                                                                                    • API String ID: 2531174081-1890076676
                                                                                                                                                                                                                                                    • Opcode ID: 85e22b5a9d66ab826639727964249279cde381aefd2cdf83e480412192e81bb7
                                                                                                                                                                                                                                                    • Instruction ID: d5e3cfdbeb95b60488c6f1e99959168c2d2eab17d02c72d4f5409838ea1ae410
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85e22b5a9d66ab826639727964249279cde381aefd2cdf83e480412192e81bb7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C21CF71900119BBDF11AFA5CD849DEBFB9EF45354F04807AF608B6290C779AE408FA8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 702 401f67-401f73 703 401f79-401f8f call 402a0c * 2 702->703 704 40202f-402031 702->704 713 401f91-401f9c GetModuleHandleA 703->713 714 401f9e-401fac LoadLibraryExA 703->714 705 40217a-40217f call 401423 704->705 712 4028a1-4028b0 705->712 713->714 716 401fae-401fbc GetProcAddress 713->716 714->716 717 402028-40202a 714->717 719 401ffb-402000 call 404e8d 716->719 720 401fbe-401fc4 716->720 717->705 724 402005-402008 719->724 721 401fc6-401fd2 call 401423 720->721 722 401fdd-401ff1 720->722 721->724 733 401fd4-401fdb 721->733 728 401ff6-401ff9 722->728 724->712 726 40200e-402016 call 403594 724->726 726->712 732 40201c-402023 FreeLibrary 726->732 728->724 732->712 733->724
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nso119A.tmp, xrefs: 00401FE7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nso119A.tmp
                                                                                                                                                                                                                                                    • API String ID: 2987980305-1061601664
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 734 4015b3-4015c6 call 402a0c call 405728 739 4015c8-4015e3 call 4056bf CreateDirectoryA 734->739 740 40160a-40160d 734->740 747 401600-401608 739->747 748 4015e5-4015f0 GetLastError 739->748 741 40162d-40217f call 401423 740->741 742 40160f-401628 call 401423 call 405ba1 SetCurrentDirectoryA 740->742 755 4028a1-4028b0 741->755 742->755 747->739 747->740 751 4015f2-4015fb GetFileAttributesA 748->751 752 4015fd 748->752 751->747 751->752 752->747
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,C:\Program Files (x86)\Fast!,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 00401617
Memory Dump Source
• Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 3751793516-1788482285
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 759 405ec3-405ee3 GetSystemDirectoryA 760 405ee5 759->760 761 405ee7-405ee9 759->761 760->761 762 405ef9-405efb 761->762 763 405eeb-405ef3 761->763 765 405efc-405f2a wsprintfA LoadLibraryA 762->765 763->762 764 405ef5-405ef7 763->764 764->765
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 00405F23
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                    • String ID: %s%s.dll$\
                                                                                                                                                                                                                                                    • API String ID: 2200240437-500877883
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 766 4058a7-4058b1 767 4058b2-4058dc GetTickCount GetTempFileNameA 766->767 768 4058eb-4058ed 767->768 769 4058de-4058e0 767->769 771 4058e5-4058e8 768->771 769->767 770 4058e2 769->770 770->771
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004058BA
                                                                                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058D4
                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                    • API String ID: 1716503409-2268347423
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 772 401bad-401bc5 call 4029ef * 2 777 401bd1-401bd5 772->777 778 401bc7-401bce call 402a0c 772->778 780 401be1-401be7 777->780 781 401bd7-401bde call 402a0c 777->781 778->777 784 401be9-401bfd call 4029ef * 2 780->784 785 401c2d-401c53 call 402a0c * 2 FindWindowExA 780->785 781->780 795 401c1d-401c2b SendMessageA 784->795 796 401bff-401c1b SendMessageTimeoutA 784->796 797 401c59 785->797 795->797 798 401c5c-401c5f 796->798 797->798 799 4028a1-4028b0 798->799 800 401c65 798->800 800->799
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Setup,NSIS Error), ref: 00405BAE
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057C8
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057D8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                    • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,00000000,00403537,00403340,00000000), ref: 00403579
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00403580
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403571
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 1100898210-4083868402
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00732280), ref: 00401B75
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000404), ref: 00401B87
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$AllocFree
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Roaming\mntbasic\mntbasic.exe
                                                                                                                                                                                                                                                    • API String ID: 3394109436-3623489810
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00402FCC,00402FCC,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,00000000,0041B668,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SetWindowTextA.USER32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp\,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\), ref: 00404EFB
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                      • Part of subcall function 00405401: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
                                                                                                                                                                                                                                                      • Part of subcall function 00405401: CloseHandle.KERNEL32(?), ref: 00405433
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E65
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3954718778-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00405CC4,00000000,00000002,?,00000002,002DC6B5,?,00405CC4,80000002,Software\Microsoft\Windows\CurrentVersion,002DC6B5,0042DBE0,0070B32D), ref: 00405AB1
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(002DC6B5,?,00000000,00405CC4,002DC6B5,00405CC4), ref: 00405AD2
                                                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?), ref: 00405AF3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3677997916-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32(?,00000000,00000000,00000000,C:\Program Files (x86)\Fast!,?), ref: 00401E07
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 00401DF2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExecuteShell
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 587946157-1788482285
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000408,?,00000000,00403A98), ref: 00403E54
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID: x
                                                                                                                                                                                                                                                    • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                    • Opcode ID: e6e6a61ead4af85831cb67e27b83a0ab76bdf8c14621e6abc8975df18522f4f8
                                                                                                                                                                                                                                                    • Instruction ID: 01e630482bc5aa7651d2843b03b3bb467686e88fed72d651a0a9240d5e30c69e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6e6a61ead4af85831cb67e27b83a0ab76bdf8c14621e6abc8975df18522f4f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DC01236648201EADA245B42EE04B067A20B768B02F208039F341240B5C6301622EB0E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000001,?,?,?,00000002), ref: 00402568
                                                                                                                                                                                                                                                      • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileReadwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3326442220-0
                                                                                                                                                                                                                                                    • Opcode ID: b477d60ff94f73c1c0bb044503b76951384e81d4576d319d4125a1203f1dc534
                                                                                                                                                                                                                                                    • Instruction ID: 19eab3b86d9b75e5e7be3b308233c29603b61c08bd2d52ff7fc178e77211348e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b477d60ff94f73c1c0bb044503b76951384e81d4576d319d4125a1203f1dc534
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D821F871C04199BFDF318B988E596AEBB749F01304F14417BE581B62D1C6BC8A81CB1D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    • Opcode ID: 42849ed48d919fde42c0d44f840d19e9f7e342482cf35ba8d4f2414d886d90f9
                                                                                                                                                                                                                                                    • Instruction ID: 86a6a9173f7d20567c8ae2bb249fddc303668c970c82e3d032b9735ebafba260
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42849ed48d919fde42c0d44f840d19e9f7e342482cf35ba8d4f2414d886d90f9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B30128317242209BE7195B399C05B6A369CE714328F50853BF851F72F2DA78DC039B8D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: LoadLibraryA.KERNEL32(?), ref: 00405F23
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                                                                                                                                    • Opcode ID: 1d5d05e119682ff417a48f130b5ba42363bbc93cead61c2bd8601333870f7f39
                                                                                                                                                                                                                                                    • Instruction ID: 5a94b1a02772503a3f00306f9b3f9683cc322e661ee482fd999d4dc3ca30496d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d5d05e119682ff417a48f130b5ba42363bbc93cead61c2bd8601333870f7f39
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AE0863260861176D6105B74AD0496B72A8DE8C7503054C7EF945F6190D738DC119AA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000000B,00000001), ref: 0040288B
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?), ref: 0040289B
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 909852535-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$EnableShow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1136574915-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000003,00402C78,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00403340,00000000), ref: 00403525
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsd4724.tmp\, xrefs: 00403539
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\
                                                                                                                                                                                                                                                    • API String ID: 2962429428-1890076676
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,00405664,?,?,?), ref: 0040585D
                                                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040586F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,00403100,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004053D2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053E0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,?,00000000,00000002,?,?), ref: 004025FC
                                                                                                                                                                                                                                                      • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 327478801-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,00402EC0,000000FF,00000004,00000000,00000000,00000000), ref: 004030AA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403E77
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemText
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3367045223-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(0002041C,00000000,00000000,00000000), ref: 00403EBB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402DFF,00009DE4), ref: 004030D3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                    • Opcode ID: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                                                                                                                                                                                                                                    • Instruction ID: 89776e93a0172b97a38fb7948c015c90ed7fb14eba3da05579cbd58eb2c2bcc6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87B01271644200BFDB214F00DF06F057B61A794701F108030B744380F082712830EB1E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    • Opcode ID: 4bd8982626c92abb2357f82476bd4d99c5d7f29670624c06be2de6c5191f01be
                                                                                                                                                                                                                                                    • Instruction ID: 44392e581bbb4aa9116d087c90e7fb2cdd31efd5ead07ebe883a28bd9b35942d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bd8982626c92abb2357f82476bd4d99c5d7f29670624c06be2de6c5191f01be
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAB01236688202BBEE214B41DD09F457E62F768701F008030F300280F4CAB200A1EF09
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00403C5C), ref: 00403E89
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                                                                    • Opcode ID: 8c5842e903119d4e54e6dca0c52f7b0b198653f2e5d8341527d4c31334f50caf
                                                                                                                                                                                                                                                    • Instruction ID: 95dc7da4476d59103c26fcc6ae799d7f945830a776bf5e17fb181abdd4047406
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c5842e903119d4e54e6dca0c52f7b0b198653f2e5d8341527d4c31334f50caf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDA002755041009BCB555F50DF04D057B62A7547017415435A5455417486315579EB1F
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                                                                    • Opcode ID: 78d2e6e0d4cef65e2203bc32a72a52e1585775b4b48775cde150ca72926f469a
                                                                                                                                                                                                                                                    • Instruction ID: 2279a1eb59868a7384db17342a960448875f3c9b0d9377e09ad035f05ac00328
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78d2e6e0d4cef65e2203bc32a72a52e1585775b4b48775cde150ca72926f469a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9D0A973B241008BE790E7BEAE8945B23A8FB4032A3204833D802E2092D93CC8028218
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004047F3
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404800
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040484C
                                                                                                                                                                                                                                                    • LoadBitmapA.USER32(0000006E), ref: 0040485F
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,00404DDD), ref: 00404879
                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040488D
                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048A1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 004048B6
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048C2
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048D4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004048D9
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404904
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404910
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049A5
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049D0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049E4
                                                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00404A13
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A21
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404A32
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B35
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B9A
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BAF
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BD3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF9
                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C0E
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404C1E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C8E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D37
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D46
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D66
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404DB4
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404DBF
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404DC6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                    • String ID: $M$N
                                                                                                                                                                                                                                                    • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                    • Opcode ID: 6985abba1fe45adf417fb8140e8c520ba99ed0859ec1e49cc794178df0c19cc9
                                                                                                                                                                                                                                                    • Instruction ID: 458a4472cc575749f24c7bcde6f1b2e9246033a2a8d3a9469834700d3721ba37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6985abba1fe45adf417fb8140e8c520ba99ed0859ec1e49cc794178df0c19cc9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7028EB0A00209EFDB21DF55DD85AAE7BB5FB84314F10813AF610BA2E1C7799A41DF58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 004042EA
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,?), ref: 00404314
                                                                                                                                                                                                                                                    • SHBrowseForFolderA.SHELL32(?,00429490,?), ref: 004043C5
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004043D0
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(0042DBE0,0042A0C0), ref: 00404402
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,0042DBE0), ref: 0040440E
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404420
                                                                                                                                                                                                                                                      • Part of subcall function 00405446: GetDlgItemTextA.USER32(?,?,00000400,00404457), ref: 00405459
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00429088,?,?,0000040F,?,00429088,00429088,?,00000001,00429088,?,?,000003FB,?), ref: 004044DE
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F9
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: <[p$A$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nso119A.tmp
                                                                                                                                                                                                                                                    • API String ID: 2624150263-1517788110
                                                                                                                                                                                                                                                    • Opcode ID: 3d64022c2b21c39a64a98da63deeb86cc1d5b9f7a9423e99d56a9714a362c618
                                                                                                                                                                                                                                                    • Instruction ID: 25cf576a769d2d8a049a3aeadb65d5b4cdf4f75aeaeb5f9dd55cec19ee375662
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d64022c2b21c39a64a98da63deeb86cc1d5b9f7a9423e99d56a9714a362c618
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6A170B1900218ABDB11AFA5DC41BAF77B8EF84315F10843BF611B62D1D77C9A418F69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(004074B8,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409458,00000400,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 004020C1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 123533781-1788482285
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404030
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,000003E8), ref: 00404044
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404062
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00404073
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404082
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404091
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040409B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A9
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040B8
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040411B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 0040411E
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404149
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404189
                                                                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 00404198
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004041A1
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32(0000070B,open,0042DBE0,00000000,00000000,00000001), ref: 004041B4
                                                                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 004041C1
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004041C4
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041F0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404204
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                    • String ID: <[p$N$open$q?@
                                                                                                                                                                                                                                                    • API String ID: 3615053054-1011079626
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                    • DrawTextA.USER32(00000000,Fast! Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                    • String ID: F$Fast! Setup
                                                                                                                                                                                                                                                    • API String ID: 941294808-2757725660
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,00405684,?,00000000,000000F1,?), ref: 0040593C
                                                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(?,0042C250,00000400), ref: 00405945
                                                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(00000000,0042BCC8,00000400), ref: 00405962
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405980
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042BCC8,C0000000,00000004,0042BCC8,?,?,?,00000000,000000F1,?), ref: 004059BB
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059CA
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059E0
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8C8,00000000,-0000000A,00409404,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A26
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A38
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00405A3F
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A46
                                                                                                                                                                                                                                                      • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                      • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                                                                    • String ID: %s=%s$[Rename]
                                                                                                                                                                                                                                                    • API String ID: 3445103937-1727408572
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,"C:\Users\user\Desktop\Setup (1).exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                    • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 589700163-1799961190
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 00403EE1
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403EFD
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403F09
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403F15
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403F28
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403F38
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403F52
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403F5C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                    • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                                    • Instruction ID: 0d89a351d513fb24bb3d4bb4099581c898fc75933690e96f4850fc1bb23eeaf2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91214271904745ABCB219F78DD08B4B7FF8AF05715B048629F995A22E0D734E9048B65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00009E00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 0040273B
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402754
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3294113728-0
                                                                                                                                                                                                                                                    • Opcode ID: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                                    • Instruction ID: 5b53ae4c2b613e87b8af51cb2b1d5881ebc53a54f05e9f53cd44442d287e2222
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3131A971C00128BBCF216FA5CE88DAE7F79EF05364F10423AF920762E1C67949408FA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404777
                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040477F
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404799
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047AB
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047D1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                    • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                                    • Instruction ID: 1287270e3ce35f4bc81f554f3193770291cde8f8b01dc106229a8c11fbd36195
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99014071D00219BADB01DBA4DD85FFEBBFCAB59711F10412BBA10B72C0D7B465018BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(0001F606,00000064,00022CC8), ref: 00402B97
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402BA7
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402BB7
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BC9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 00402BA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402357
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsd4724.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402377
                                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023B0
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402493
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsd4724.tmp
                                                                                                                                                                                                                                                    • API String ID: 1356686001-3453418367
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405392
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053A6
                                                                                                                                                                                                                                                    • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053BB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053C5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                                    • API String ID: 3449924974-1876063424
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(0040B064), ref: 00401D8A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                    • API String ID: 3272661963-76309092
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A6D
                                                                                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                                                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                                                                    • Opcode ID: 87ccbfffecd7de7467de5c73c2002d88ab1ef4389744f866cc51cf150fc0b97d
                                                                                                                                                                                                                                                    • Instruction ID: aab1c47b15b7d7dbd0304e6a384de86cdfdd1b9a1951722987da620561d60ced
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87ccbfffecd7de7467de5c73c2002d88ab1ef4389744f866cc51cf150fc0b97d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45117F71A00009FFDF219F91DE49DAF3B69EB14394B004076FA06F00A0DBB49E52AF69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                                                                                    • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                    • Opcode ID: def8d1c1479795c1167aff6e03d0c5147865de771fccb6e49a981145c37fb96d
                                                                                                                                                                                                                                                    • Instruction ID: 0b6a49845d72fa48a9a579b1019c06f6c105053db178aa5042bb0eadc5b1df39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: def8d1c1479795c1167aff6e03d0c5147865de771fccb6e49a981145c37fb96d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF0EC72A04114AFEB00EBA4DD88DAFB77CFB44305B044536F501F6191C678AD419B79
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                    • Opcode ID: 25570fc33e6b197a104511908ae51b25733c0ff1131e090094a159b4d727c391
                                                                                                                                                                                                                                                    • Instruction ID: cfc8e6c3a4af003209a53fcdfac8cba24e816d3e629d82a7997265ded69b8fd0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25570fc33e6b197a104511908ae51b25733c0ff1131e090094a159b4d727c391
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0112773A0412827EB0065699C45EAF3298DB86334F254637FE25F71D1E9799C1285EC
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,Fast! Setup), ref: 00403955
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Setup (1).exe"$1033$Fast! Setup
                                                                                                                                                                                                                                                    • API String ID: 530164218-1547238180
                                                                                                                                                                                                                                                    • Opcode ID: d8ad201f115282551ba09e0da2efc204a6a752d14a8939c65402d3ba6059872e
                                                                                                                                                                                                                                                    • Instruction ID: 93100a74eb761491cad5589d5ba72450eee8ba09b7e289b8bdcf135b4c9a781b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8ad201f115282551ba09e0da2efc204a6a752d14a8939c65402d3ba6059872e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A611F071B006108BC730EF56DC80A773BACEB85715368813BA801A73A0CA39AD028B9C
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404E13
                                                                                                                                                                                                                                                    • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E81
                                                                                                                                                                                                                                                      • Part of subcall function 00403EA9: SendMessageA.USER32(0002041C,00000000,00000000,00000000), ref: 00403EBB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                    • String ID: $C:\Users\user\AppData\Local\Temp\nso119A.tmp
                                                                                                                                                                                                                                                    • API String ID: 3748168415-697729413
                                                                                                                                                                                                                                                    • Opcode ID: 284444f2568d96eb5f499d391233f43a2f88d41ae364e0567807da02f849ec1b
                                                                                                                                                                                                                                                    • Instruction ID: 765017f4a7fe1763b93213a0743e5224a7b8bf10e0e2635d7465f91e9f3f1348
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 284444f2568d96eb5f499d391233f43a2f88d41ae364e0567807da02f849ec1b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5116D71500218BFDF215F51DC81E9B7669BB84365F00803AFA08792A1C37C49518BEE
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 0040569A
                                                                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004056A3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 004056B4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405694
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024035108.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024182998.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024288903.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000000.00000002.2024556981.000000000043F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 2659869361-4083868402
                                                                                                                                                                                                                                                    • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                                    • Instruction ID: 3169b85a74bfaa55460b422d3e3fbca7e168afda588c61a1877893bbaf19970e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25D0A972606A302EE20226158C05F8B3A28CF52301B0448A2F640B22D2C7BC7E818FFE
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CharNextA.USER32(004054DA,?,C:\,00000000,0040578C,C:\,C:\,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext
                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                    • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                    • Opcode ID: 2a9caa78ea5ad24ed31709241e3ad5854e0d2865484118cf7a19592bf420cc00
                                                                                                                                                                                                                                                    • Instruction ID: a054648e037d2dc9b414c06332908f1e3c0a092ae6d4a81e5674b26f1e0c7c07
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a9caa78ea5ad24ed31709241e3ad5854e0d2865484118cf7a19592bf420cc00
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2F02751E00B609AE73232740C44B2B579CEB54720F184433E101B71D087BC4C82AFAA
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00402DB4,00000001), ref: 00402BE7
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C05
                                                                                                                                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C22
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C30
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                    • Opcode ID: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                                    • Instruction ID: fe7f2a60441318f0c2a90f6d59b101c1e11520174a0dcb1e75ef42172c75ba50
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FF05470A0D121ABD6746F55FE8CD8B7BA4F744B017540576F000B11A4DA785882CFAD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024F2
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll,00000000,?,?,00000000,00000011), ref: 00402511
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll, xrefs: 004024E0, 00402505
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWritelstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsd4724.tmp\INetC.dll
                                                                                                                                                                                                                                                    • API String ID: 427699356-2764887444
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405433
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00405414
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CA4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 004056E1
                                                                                                                                                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CA4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Setup (1).exe,C:\Users\user\Desktop\Setup (1).exe,80000000,00000003), ref: 004056EF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                                    • API String ID: 2709904686-1876063424
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040580D
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.2024138598.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Setup (1).jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:30.3%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:5.7%
                                                                                                                                                                                                                                                    Total number of Nodes:1344
                                                                                                                                                                                                                                                    Total number of Limit Nodes:34
CoTaskMemFree 3939->3931 3940->3931 3941->3939 3781 40175c 3782 402da6 17 API calls 3781->3782 3783 401763 3782->3783 3784 40605c 2 API calls 3783->3784 3785 40176a 3784->3785 3786 40605c 2 API calls 3785->3786 3786->3785 3942 401d5d 3943 402d84 17 API calls 3942->3943 3944 401d6e SetWindowLongW 3943->3944 3945 402c2a 3944->3945 3787 401ede 3788 402d84 17 API calls 3787->3788 3789 401ee4 3788->3789 3790 402d84 17 API calls 3789->3790 3791 401ef0 3790->3791 3792 401f07 EnableWindow 3791->3792 3793 401efc ShowWindow 3791->3793 3794 402c2a 3792->3794 3793->3794 3795 4056de 3796 405888 3795->3796 3797 4056ff GetDlgItem GetDlgItem GetDlgItem 3795->3797 3799 405891 GetDlgItem CreateThread CloseHandle 3796->3799 3800 4058b9 3796->3800 3840 4044ce SendMessageW 3797->3840 3799->3800 3843 405672 5 API calls 3799->3843 3801 4058e4 3800->3801 3803 4058d0 ShowWindow ShowWindow 3800->3803 3804 405909 3800->3804 3805 405944 3801->3805 3808 4058f8 3801->3808 3809 40591e ShowWindow 3801->3809 3802 40576f 3806 405776 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3802->3806 3842 4044ce SendMessageW 3803->3842 3810 404500 8 API calls 3804->3810 3805->3804 3813 405952 SendMessageW 3805->3813 3811 4057e4 3806->3811 3812 4057c8 SendMessageW SendMessageW 3806->3812 3814 404472 SendMessageW 3808->3814 3816 405930 3809->3816 3817 40593e 3809->3817 3815 405917 3810->3815 3818 4057f7 3811->3818 3819 4057e9 SendMessageW 3811->3819 3812->3811 3813->3815 3820 40596b CreatePopupMenu 3813->3820 3814->3804 3821 40559f 24 API calls 3816->3821 3822 404472 SendMessageW 3817->3822 3824 404499 18 API calls 3818->3824 3819->3818 3823 40657a 17 API calls 3820->3823 3821->3817 3822->3805 3825 40597b AppendMenuW 3823->3825 3826 405807 3824->3826 3827 405998 GetWindowRect 3825->3827 3828 4059ab TrackPopupMenu 3825->3828 3829 405810 ShowWindow 3826->3829 3830 405844 GetDlgItem SendMessageW 3826->3830 3827->3828 3828->3815 3831 4059c6 3828->3831 3832 405833 3829->3832 3833 405826 ShowWindow 
3829->3833 3830->3815 3834 40586b SendMessageW SendMessageW 3830->3834 3835 4059e2 SendMessageW 3831->3835 3841 4044ce SendMessageW 3832->3841 3833->3832 3834->3815 3835->3835 3836 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3835->3836 3838 405a24 SendMessageW 3836->3838 3838->3838 3839 405a4d GlobalUnlock SetClipboardData CloseClipboard 3838->3839 3839->3815 3840->3802 3841->3830 3842->3801 3946 4028de 3947 4028e6 3946->3947 3948 4028ea FindNextFileW 3947->3948 3950 4028fc 3947->3950 3949 402943 3948->3949 3948->3950 3952 40653d lstrcpynW 3949->3952 3952->3950 3953 404ce0 3954 404cf0 3953->3954 3955 404d0c 3953->3955 3964 405b81 GetDlgItemTextW 3954->3964 3957 404d12 SHGetPathFromIDListW 3955->3957 3958 404d3f 3955->3958 3960 404d29 SendMessageW 3957->3960 3961 404d22 3957->3961 3959 404cfd SendMessageW 3959->3955 3960->3958 3962 40140b 2 API calls 3961->3962 3962->3960 3964->3959 3178 405b63 ShellExecuteExW 3965 401563 3966 402ba4 3965->3966 3969 406484 wsprintfW 3966->3969 3968 402ba9 3969->3968 3970 401968 3971 402d84 17 API calls 3970->3971 3972 40196f 3971->3972 3973 402d84 17 API calls 3972->3973 3974 40197c 3973->3974 3975 402da6 17 API calls 3974->3975 3976 401993 lstrlenW 3975->3976 3977 4019a4 3976->3977 3981 4019e5 3977->3981 3982 40653d lstrcpynW 3977->3982 3979 4019d5 3980 4019da lstrlenW 3979->3980 3979->3981 3980->3981 3982->3979 3983 40166a 3984 402da6 17 API calls 3983->3984 3985 401670 3984->3985 3986 406873 2 API calls 3985->3986 3987 401676 3986->3987 3988 402aeb 3989 402d84 17 API calls 3988->3989 3990 402af1 3989->3990 3991 40657a 17 API calls 3990->3991 3992 40292e 3990->3992 3991->3992 3270 4026ec 3271 402d84 17 API calls 3270->3271 3272 4026fb 3271->3272 3273 402745 ReadFile 3272->3273 3274 4060b0 ReadFile 3272->3274 3276 402785 MultiByteToWideChar 3272->3276 3277 40283a 3272->3277 3279 4027de 3272->3279 3280 4027ab SetFilePointer MultiByteToWideChar 3272->3280 3281 40284b 3272->3281 3283 402838 3272->3283 3273->3272 
3273->3283 3274->3272 3276->3272 3293 406484 wsprintfW 3277->3293 3279->3272 3279->3283 3284 40610e SetFilePointer 3279->3284 3280->3272 3282 40286c SetFilePointer 3281->3282 3281->3283 3282->3283 3285 40612a 3284->3285 3288 406142 3284->3288 3286 4060b0 ReadFile 3285->3286 3287 406136 3286->3287 3287->3288 3289 406173 SetFilePointer 3287->3289 3290 40614b SetFilePointer 3287->3290 3288->3279 3289->3288 3290->3289 3291 406156 3290->3291 3292 4060df WriteFile 3291->3292 3292->3288 3293->3283 3540 40176f 3541 402da6 17 API calls 3540->3541 3542 401776 3541->3542 3543 401796 3542->3543 3544 40179e 3542->3544 3579 40653d lstrcpynW 3543->3579 3580 40653d lstrcpynW 3544->3580 3547 40179c 3551 4067c4 5 API calls 3547->3551 3548 4017a9 3549 405e0c 3 API calls 3548->3549 3550 4017af lstrcatW 3549->3550 3550->3547 3568 4017bb 3551->3568 3552 406873 2 API calls 3552->3568 3553 406008 2 API calls 3553->3568 3555 4017cd CompareFileTime 3555->3568 3556 40188d 3558 40559f 24 API calls 3556->3558 3557 401864 3559 40559f 24 API calls 3557->3559 3563 401879 3557->3563 3561 401897 3558->3561 3559->3563 3560 40653d lstrcpynW 3560->3568 3562 4032b4 31 API calls 3561->3562 3564 4018aa 3562->3564 3565 4018be SetFileTime 3564->3565 3566 4018d0 FindCloseChangeNotification 3564->3566 3565->3566 3566->3563 3569 4018e1 3566->3569 3567 40657a 17 API calls 3567->3568 3568->3552 3568->3553 3568->3555 3568->3556 3568->3557 3568->3560 3568->3567 3574 405b9d MessageBoxIndirectW 3568->3574 3578 40602d GetFileAttributesW CreateFileW 3568->3578 3570 4018e6 3569->3570 3571 4018f9 3569->3571 3572 40657a 17 API calls 3570->3572 3573 40657a 17 API calls 3571->3573 3575 4018ee lstrcatW 3572->3575 3576 401901 3573->3576 3574->3568 3575->3576 3577 405b9d MessageBoxIndirectW 3576->3577 3577->3563 3578->3568 3579->3547 3580->3548 3993 401a72 3994 402d84 17 API calls 3993->3994 3995 401a7b 3994->3995 3996 402d84 17 API calls 3995->3996 3997 401a20 3996->3997 3998 401573 3999 401583 ShowWindow 3998->3999 4000 
40158c 3998->4000 3999->4000 4001 402c2a 4000->4001 4002 40159a ShowWindow 4000->4002 4002->4001 4003 4023f4 4004 402da6 17 API calls 4003->4004 4005 402403 4004->4005 4006 402da6 17 API calls 4005->4006 4007 40240c 4006->4007 4008 402da6 17 API calls 4007->4008 4009 402416 GetPrivateProfileStringW 4008->4009 4010 4014f5 SetForegroundWindow 4011 402c2a 4010->4011 4012 401ff6 4013 402da6 17 API calls 4012->4013 4014 401ffd 4013->4014 4015 406873 2 API calls 4014->4015 4016 402003 4015->4016 4018 402014 4016->4018 4019 406484 wsprintfW 4016->4019 4019->4018 4020 401b77 4021 402da6 17 API calls 4020->4021 4022 401b7e 4021->4022 4023 402d84 17 API calls 4022->4023 4024 401b87 wsprintfW 4023->4024 4025 402c2a 4024->4025 4026 40167b 4027 402da6 17 API calls 4026->4027 4028 401682 4027->4028 4029 402da6 17 API calls 4028->4029 4030 40168b 4029->4030 4031 402da6 17 API calls 4030->4031 4032 401694 MoveFileW 4031->4032 4033 4016a7 4032->4033 4039 4016a0 4032->4039 4035 406873 2 API calls 4033->4035 4037 4022f6 4033->4037 4034 401423 24 API calls 4034->4037 4036 4016b6 4035->4036 4036->4037 4038 4062fd 36 API calls 4036->4038 4038->4039 4039->4034 4040 4022ff 4041 402da6 17 API calls 4040->4041 4042 402305 4041->4042 4043 402da6 17 API calls 4042->4043 4044 40230e 4043->4044 4045 402da6 17 API calls 4044->4045 4046 402317 4045->4046 4047 406873 2 API calls 4046->4047 4048 402320 4047->4048 4049 402331 lstrlenW lstrlenW 4048->4049 4050 402324 4048->4050 4052 40559f 24 API calls 4049->4052 4051 40559f 24 API calls 4050->4051 4054 40232c 4050->4054 4051->4054 4053 40236f SHFileOperationW 4052->4053 4053->4050 4053->4054 4055 401000 4056 401037 BeginPaint GetClientRect 4055->4056 4057 40100c DefWindowProcW 4055->4057 4059 4010f3 4056->4059 4062 401179 4057->4062 4060 401073 CreateBrushIndirect FillRect DeleteObject 4059->4060 4061 4010fc 4059->4061 4060->4059 4063 401102 CreateFontIndirectW 4061->4063 4064 401167 EndPaint 4061->4064 4063->4064 4065 401112 6 API calls 4063->4065 
4064->4062 4065->4064 4066 401d81 4067 401d94 GetDlgItem 4066->4067 4068 401d87 4066->4068 4070 401d8e 4067->4070 4069 402d84 17 API calls 4068->4069 4069->4070 4071 401dd5 GetClientRect LoadImageW SendMessageW 4070->4071 4072 402da6 17 API calls 4070->4072 4074 401e33 4071->4074 4076 401e3f 4071->4076 4072->4071 4075 401e38 DeleteObject 4074->4075 4074->4076 4075->4076 4077 401503 4078 40150b 4077->4078 4080 40151e 4077->4080 4079 402d84 17 API calls 4078->4079 4079->4080 4081 402383 4082 40238a 4081->4082 4084 40239d 4081->4084 4083 40657a 17 API calls 4082->4083 4085 402397 4083->4085 4086 405b9d MessageBoxIndirectW 4085->4086 4086->4084 4087 402c05 SendMessageW 4088 402c2a 4087->4088 4089 402c1f InvalidateRect 4087->4089 4089->4088 4090 404f06 GetDlgItem GetDlgItem 4091 404f58 7 API calls 4090->4091 4097 40517d 4090->4097 4092 404ff2 SendMessageW 4091->4092 4093 404fff DeleteObject 4091->4093 4092->4093 4094 405008 4093->4094 4095 40503f 4094->4095 4098 40657a 17 API calls 4094->4098 4099 404499 18 API calls 4095->4099 4096 40525f 4100 40530b 4096->4100 4110 4052b8 SendMessageW 4096->4110 4130 405170 4096->4130 4097->4096 4101 4051ec 4097->4101 4144 404e54 SendMessageW 4097->4144 4104 405021 SendMessageW SendMessageW 4098->4104 4105 405053 4099->4105 4102 405315 SendMessageW 4100->4102 4103 40531d 4100->4103 4101->4096 4106 405251 SendMessageW 4101->4106 4102->4103 4112 405336 4103->4112 4113 40532f ImageList_Destroy 4103->4113 4128 405346 4103->4128 4104->4094 4109 404499 18 API calls 4105->4109 4106->4096 4107 404500 8 API calls 4111 40550c 4107->4111 4123 405064 4109->4123 4115 4052cd SendMessageW 4110->4115 4110->4130 4116 40533f GlobalFree 4112->4116 4112->4128 4113->4112 4114 4054c0 4119 4054d2 ShowWindow GetDlgItem ShowWindow 4114->4119 4114->4130 4118 4052e0 4115->4118 4116->4128 4117 40513f GetWindowLongW SetWindowLongW 4120 405158 4117->4120 4129 4052f1 SendMessageW 4118->4129 4119->4130 4121 405175 4120->4121 4122 40515d ShowWindow 4120->4122 4143 
4044ce SendMessageW 4121->4143 4142 4044ce SendMessageW 4122->4142 4123->4117 4124 40513a 4123->4124 4127 4050b7 SendMessageW 4123->4127 4131 4050f5 SendMessageW 4123->4131 4132 405109 SendMessageW 4123->4132 4124->4117 4124->4120 4127->4123 4128->4114 4135 405381 4128->4135 4149 404ed4 4128->4149 4129->4100 4130->4107 4131->4123 4132->4123 4134 40548b 4136 405496 InvalidateRect 4134->4136 4139 4054a2 4134->4139 4137 4053af SendMessageW 4135->4137 4138 4053c5 4135->4138 4136->4139 4137->4138 4138->4134 4140 405439 SendMessageW SendMessageW 4138->4140 4139->4114 4158 404e0f 4139->4158 4140->4138 4142->4130 4143->4097 4145 404eb3 SendMessageW 4144->4145 4146 404e77 GetMessagePos ScreenToClient SendMessageW 4144->4146 4148 404eab 4145->4148 4147 404eb0 4146->4147 4146->4148 4147->4145 4148->4101 4161 40653d lstrcpynW 4149->4161 4151 404ee7 4162 406484 wsprintfW 4151->4162 4153 404ef1 4154 40140b 2 API calls 4153->4154 4155 404efa 4154->4155 4163 40653d lstrcpynW 4155->4163 4157 404f01 4157->4135 4164 404d46 4158->4164 4160 404e24 4160->4114 4161->4151 4162->4153 4163->4157 4165 404d5f 4164->4165 4166 40657a 17 API calls 4165->4166 4167 404dc3 4166->4167 4168 40657a 17 API calls 4167->4168 4169 404dce 4168->4169 4170 40657a 17 API calls 4169->4170 4171 404de4 lstrlenW wsprintfW SetDlgItemTextW 4170->4171 4171->4160 4172 404609 lstrlenW 4173 404628 4172->4173 4174 40462a WideCharToMultiByte 4172->4174 4173->4174 3205 40248a 3206 402da6 17 API calls 3205->3206 3207 40249c 3206->3207 3208 402da6 17 API calls 3207->3208 3209 4024a6 3208->3209 3222 402e36 3209->3222 3212 40292e 3213 4024de 3215 4024ea 3213->3215 3216 402d84 17 API calls 3213->3216 3214 402da6 17 API calls 3218 4024d4 lstrlenW 3214->3218 3217 402509 RegSetValueExW 3215->3217 3226 4032b4 3215->3226 3216->3215 3220 40251f RegCloseKey 3217->3220 3218->3213 3220->3212 3223 402e51 3222->3223 3246 4063d8 3223->3246 3227 4032cd 3226->3227 3228 4032fb 3227->3228 3253 4034e5 SetFilePointer 3227->3253 3250 4034cf 
3228->3250 3232 403468 3234 4034aa 3232->3234 3237 40346c 3232->3237 3233 403318 GetTickCount 3238 403452 3233->3238 3242 403367 3233->3242 3236 4034cf ReadFile 3234->3236 3235 4034cf ReadFile 3235->3242 3236->3238 3237->3238 3239 4034cf ReadFile 3237->3239 3240 4060df WriteFile 3237->3240 3238->3217 3239->3237 3240->3237 3241 4033bd GetTickCount 3241->3242 3242->3235 3242->3238 3242->3241 3243 4033e2 MulDiv wsprintfW 3242->3243 3245 4060df WriteFile 3242->3245 3244 40559f 24 API calls 3243->3244 3244->3242 3245->3242 3247 4063e7 3246->3247 3248 4063f2 RegCreateKeyExW 3247->3248 3249 4024b6 3247->3249 3248->3249 3249->3212 3249->3213 3249->3214 3251 4060b0 ReadFile 3250->3251 3252 403306 3251->3252 3252->3232 3252->3233 3252->3238 3253->3228 4175 40498a 4176 4049b6 4175->4176 4177 4049c7 4175->4177 4236 405b81 GetDlgItemTextW 4176->4236 4179 4049d3 GetDlgItem 4177->4179 4185 404a32 4177->4185 4180 4049e7 4179->4180 4184 4049fb SetWindowTextW 4180->4184 4188 405eb7 4 API calls 4180->4188 4181 404b16 4234 404cc5 4181->4234 4238 405b81 GetDlgItemTextW 4181->4238 4182 4049c1 4183 4067c4 5 API calls 4182->4183 4183->4177 4189 404499 18 API calls 4184->4189 4185->4181 4190 40657a 17 API calls 4185->4190 4185->4234 4187 404500 8 API calls 4192 404cd9 4187->4192 4193 4049f1 4188->4193 4194 404a17 4189->4194 4195 404aa6 SHBrowseForFolderW 4190->4195 4191 404b46 4196 405f14 18 API calls 4191->4196 4193->4184 4200 405e0c 3 API calls 4193->4200 4197 404499 18 API calls 4194->4197 4195->4181 4198 404abe CoTaskMemFree 4195->4198 4199 404b4c 4196->4199 4201 404a25 4197->4201 4202 405e0c 3 API calls 4198->4202 4239 40653d lstrcpynW 4199->4239 4200->4184 4237 4044ce SendMessageW 4201->4237 4204 404acb 4202->4204 4207 404b02 SetDlgItemTextW 4204->4207 4211 40657a 17 API calls 4204->4211 4206 404a2b 4209 40690a 5 API calls 4206->4209 4207->4181 4208 404b63 4210 40690a 5 API calls 4208->4210 4209->4185 4222 404b6a 4210->4222 4212 404aea lstrcmpiW 4211->4212 4212->4207 4214 404afb 
lstrcatW 4212->4214 4213 404bab 4240 40653d lstrcpynW 4213->4240 4214->4207 4216 404bb2 4217 405eb7 4 API calls 4216->4217 4218 404bb8 GetDiskFreeSpaceW 4217->4218 4220 404bdc MulDiv 4218->4220 4223 404c03 4218->4223 4220->4223 4221 405e58 2 API calls 4221->4222 4222->4213 4222->4221 4222->4223 4224 404c74 4223->4224 4226 404e0f 20 API calls 4223->4226 4225 404c97 4224->4225 4227 40140b 2 API calls 4224->4227 4241 4044bb KiUserCallbackDispatcher 4225->4241 4228 404c61 4226->4228 4227->4225 4230 404c76 SetDlgItemTextW 4228->4230 4231 404c66 4228->4231 4230->4224 4232 404d46 20 API calls 4231->4232 4232->4224 4233 404cb3 4233->4234 4235 4048e3 SendMessageW 4233->4235 4234->4187 4235->4234 4236->4182 4237->4206 4238->4191 4239->4208 4240->4216 4241->4233 4242 40290b 4243 402da6 17 API calls 4242->4243 4244 402912 FindFirstFileW 4243->4244 4245 40293a 4244->4245 4248 402925 4244->4248 4250 406484 wsprintfW 4245->4250 4247 402943 4251 40653d lstrcpynW 4247->4251 4250->4247 4251->4248 4252 40190c 4253 401943 4252->4253 4254 402da6 17 API calls 4253->4254 4255 401948 4254->4255 4256 405c49 67 API calls 4255->4256 4257 401951 4256->4257 4258 40190f 4259 402da6 17 API calls 4258->4259 4260 401916 4259->4260 4261 405b9d MessageBoxIndirectW 4260->4261 4262 40191f 4261->4262 3611 402891 3612 402898 3611->3612 3613 402ba9 3611->3613 3614 402d84 17 API calls 3612->3614 3615 40289f 3614->3615 3616 4028ae SetFilePointer 3615->3616 3616->3613 3617 4028be 3616->3617 3619 406484 wsprintfW 3617->3619 3619->3613 4263 401491 4264 40559f 24 API calls 4263->4264 4265 401498 4264->4265 3620 403b12 3621 403b2a 3620->3621 3622 403b1c CloseHandle 3620->3622 3627 403b57 3621->3627 3622->3621 3625 405c49 67 API calls 3626 403b3b 3625->3626 3629 403b65 3627->3629 3628 403b2f 3628->3625 3629->3628 3630 403b6a FreeLibrary GlobalFree 3629->3630 3630->3628 3630->3630 4266 401f12 4267 402da6 17 API calls 4266->4267 4268 401f18 4267->4268 4269 402da6 17 API calls 4268->4269 4270 401f21 4269->4270 4271 
402da6 17 API calls 4270->4271 4272 401f2a 4271->4272 4273 402da6 17 API calls 4272->4273 4274 401f33 4273->4274 4275 401423 24 API calls 4274->4275 4276 401f3a 4275->4276 4283 405b63 ShellExecuteExW 4276->4283 4278 401f82 4279 40292e 4278->4279 4280 4069b5 5 API calls 4278->4280 4281 401f9f FindCloseChangeNotification 4280->4281 4281->4279 4283->4278 4284 405513 4285 405523 4284->4285 4286 405537 4284->4286 4287 405580 4285->4287 4288 405529 4285->4288 4289 40553f IsWindowVisible 4286->4289 4295 405556 4286->4295 4290 405585 CallWindowProcW 4287->4290 4291 4044e5 SendMessageW 4288->4291 4289->4287 4292 40554c 4289->4292 4293 405533 4290->4293 4291->4293 4294 404e54 5 API calls 4292->4294 4294->4295 4295->4290 4296 404ed4 4 API calls 4295->4296 4296->4287 4297 402f93 4298 402fa5 SetTimer 4297->4298 4299 402fbe 4297->4299 4298->4299 4300 403013 4299->4300 4301 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4299->4301 4301->4300 4302 401d17 4303 402d84 17 API calls 4302->4303 4304 401d1d IsWindow 4303->4304 4305 401a20 4304->4305 3662 403f9a 3663 403fb2 3662->3663 3664 404113 3662->3664 3663->3664 3665 403fbe 3663->3665 3666 404164 3664->3666 3667 404124 GetDlgItem GetDlgItem 3664->3667 3668 403fc9 SetWindowPos 3665->3668 3669 403fdc 3665->3669 3671 4041be 3666->3671 3676 401389 2 API calls 3666->3676 3670 404499 18 API calls 3667->3670 3668->3669 3673 403fe5 ShowWindow 3669->3673 3674 404027 3669->3674 3675 40414e SetClassLongW 3670->3675 3672 4044e5 SendMessageW 3671->3672 3677 40410e 3671->3677 3702 4041d0 3672->3702 3678 404100 3673->3678 3679 404005 GetWindowLongW 3673->3679 3680 404046 3674->3680 3681 40402f DestroyWindow 3674->3681 3682 40140b 2 API calls 3675->3682 3683 404196 3676->3683 3744 404500 3678->3744 3679->3678 3685 40401e ShowWindow 3679->3685 3687 40404b SetWindowLongW 3680->3687 3688 40405c 3680->3688 3686 404422 3681->3686 3682->3666 3683->3671 3690 40419a SendMessageW 3683->3690 3685->3674 3686->3677 3695 404453 ShowWindow 3686->3695 
3687->3677 3688->3678 3689 404068 GetDlgItem 3688->3689 3693 404096 3689->3693 3694 404079 SendMessageW IsWindowEnabled 3689->3694 3690->3677 3691 40140b 2 API calls 3691->3702 3692 404424 DestroyWindow KiUserCallbackDispatcher 3692->3686 3697 4040a3 3693->3697 3698 4040ea SendMessageW 3693->3698 3699 4040b6 3693->3699 3709 40409b 3693->3709 3694->3677 3694->3693 3695->3677 3696 40657a 17 API calls 3696->3702 3697->3698 3697->3709 3698->3678 3703 4040d3 3699->3703 3704 4040be 3699->3704 3701 404499 18 API calls 3701->3702 3702->3677 3702->3691 3702->3692 3702->3696 3702->3701 3726 404364 DestroyWindow 3702->3726 3735 404499 3702->3735 3706 40140b 2 API calls 3703->3706 3707 40140b 2 API calls 3704->3707 3705 4040d1 3705->3678 3708 4040da 3706->3708 3707->3709 3708->3678 3708->3709 3741 404472 3709->3741 3711 40424b GetDlgItem 3712 404260 3711->3712 3713 404268 ShowWindow KiUserCallbackDispatcher 3711->3713 3712->3713 3738 4044bb KiUserCallbackDispatcher 3713->3738 3715 404292 EnableWindow 3720 4042a6 3715->3720 3716 4042ab GetSystemMenu EnableMenuItem SendMessageW 3717 4042db SendMessageW 3716->3717 3716->3720 3717->3720 3719 403f7b 18 API calls 3719->3720 3720->3716 3720->3719 3739 4044ce SendMessageW 3720->3739 3740 40653d lstrcpynW 3720->3740 3722 40430a lstrlenW 3723 40657a 17 API calls 3722->3723 3724 404320 SetWindowTextW 3723->3724 3725 401389 2 API calls 3724->3725 3725->3702 3726->3686 3727 40437e CreateDialogParamW 3726->3727 3727->3686 3728 4043b1 3727->3728 3729 404499 18 API calls 3728->3729 3730 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3729->3730 3731 401389 2 API calls 3730->3731 3732 404402 3731->3732 3732->3677 3733 40440a ShowWindow 3732->3733 3734 4044e5 SendMessageW 3733->3734 3734->3686 3736 40657a 17 API calls 3735->3736 3737 4044a4 SetDlgItemTextW 3736->3737 3737->3711 3738->3715 3739->3720 3740->3722 3742 404479 3741->3742 3743 40447f SendMessageW 3741->3743 3742->3743 3743->3705 3745 4045c3 3744->3745 3746 404518 
GetWindowLongW 3744->3746 3745->3677 3746->3745 3747 40452d 3746->3747 3747->3745 3748 40455a GetSysColor 3747->3748 3749 40455d 3747->3749 3748->3749 3750 404563 SetTextColor 3749->3750 3751 40456d SetBkMode 3749->3751 3750->3751 3752 404585 GetSysColor 3751->3752 3753 40458b 3751->3753 3752->3753 3754 404592 SetBkColor 3753->3754 3755 40459c 3753->3755 3754->3755 3755->3745 3756 4045b6 CreateBrushIndirect 3755->3756 3757 4045af DeleteObject 3755->3757 3756->3745 3757->3756 3758 401b9b 3759 401ba8 3758->3759 3760 401bec 3758->3760 3765 401bbf 3759->3765 3769 401c31 3759->3769 3761 401bf1 3760->3761 3762 401c16 GlobalAlloc 3760->3762 3766 40239d 3761->3766 3779 40653d lstrcpynW 3761->3779 3764 40657a 17 API calls 3762->3764 3763 40657a 17 API calls 3767 402397 3763->3767 3764->3769 3777 40653d lstrcpynW 3765->3777 3773 405b9d MessageBoxIndirectW 3767->3773 3769->3763 3769->3766 3771 401c03 GlobalFree 3771->3766 3772 401bce 3778 40653d lstrcpynW 3772->3778 3773->3766 3775 401bdd 3780 40653d lstrcpynW 3775->3780 3777->3772 3778->3775 3779->3771 3780->3766 4306 40261c 4307 402da6 17 API calls 4306->4307 4308 402623 4307->4308 4311 40602d GetFileAttributesW CreateFileW 4308->4311 4310 40262f 4311->4310 4312 40149e 4313 4014ac PostQuitMessage 4312->4313 4314 40239d 4312->4314 4313->4314 4315 40259e 4325 402de6 4315->4325 4318 402d84 17 API calls 4319 4025b1 4318->4319 4320 4025d9 RegEnumValueW 4319->4320 4321 4025cd RegEnumKeyW 4319->4321 4323 40292e 4319->4323 4322 4025ee RegCloseKey 4320->4322 4321->4322 4322->4323 4326 402da6 17 API calls 4325->4326 4327 402dfd 4326->4327 4328 4063aa RegOpenKeyExW 4327->4328 4329 4025a8 4328->4329 4329->4318 4330 4015a3 4331 402da6 17 API calls 4330->4331 4332 4015aa SetFileAttributesW 4331->4332 4333 4015bc 4332->4333 3179 401fa4 3180 402da6 17 API calls 3179->3180 3181 401faa 3180->3181 3182 40559f 24 API calls 3181->3182 3183 401fb4 3182->3183 3192 405b20 CreateProcessW 3183->3192 3186 40292e 3189 401fcf 3190 401fdd 
FindCloseChangeNotification 3189->3190 3200 406484 wsprintfW 3189->3200 3190->3186 3193 405b53 CloseHandle 3192->3193 3194 401fba 3192->3194 3193->3194 3194->3186 3194->3190 3195 4069b5 WaitForSingleObject 3194->3195 3196 4069cf 3195->3196 3197 4069e1 GetExitCodeProcess 3196->3197 3201 406946 3196->3201 3197->3189 3200->3190 3202 406963 PeekMessageW 3201->3202 3203 406973 WaitForSingleObject 3202->3203 3204 406959 DispatchMessageW 3202->3204 3203->3196 3204->3202 4334 401a28 lstrcmpW 4335 401a1c 4334->4335 3254 4021aa 3255 402da6 17 API calls 3254->3255 3256 4021b1 3255->3256 3257 402da6 17 API calls 3256->3257 3258 4021bb 3257->3258 3259 402da6 17 API calls 3258->3259 3260 4021c5 3259->3260 3261 402da6 17 API calls 3260->3261 3262 4021cf 3261->3262 3263 402da6 17 API calls 3262->3263 3264 4021d9 3263->3264 3265 402218 CoCreateInstance 3264->3265 3266 402da6 17 API calls 3264->3266 3269 402237 3265->3269 3266->3265 3267 401423 24 API calls 3268 4022f6 3267->3268 3269->3267 3269->3268 4336 40202a 4337 402da6 17 API calls 4336->4337 4338 402031 4337->4338 4339 40690a 5 API calls 4338->4339 4340 402040 4339->4340 4341 4020cc 4340->4341 4342 40205c GlobalAlloc 4340->4342 4342->4341 4343 402070 4342->4343 4344 40690a 5 API calls 4343->4344 4345 402077 4344->4345 4346 40690a 5 API calls 4345->4346 4347 402081 4346->4347 4347->4341 4351 406484 wsprintfW 4347->4351 4349 4020ba 4352 406484 wsprintfW 4349->4352 4351->4349 4352->4341 4353 40252a 4354 402de6 17 API calls 4353->4354 4355 402534 4354->4355 4356 402da6 17 API calls 4355->4356 4357 40253d 4356->4357 4358 402548 RegQueryValueExW 4357->4358 4362 40292e 4357->4362 4359 40256e RegCloseKey 4358->4359 4360 402568 4358->4360 4359->4362 4360->4359 4364 406484 wsprintfW 4360->4364 4364->4359 4365 403baa 4366 403bb5 4365->4366 4367 403bb9 4366->4367 4368 403bbc GlobalAlloc 4366->4368 4368->4367 3294 40352d SetErrorMode GetVersionExW 3295 4035b7 3294->3295 3296 40357f GetVersionExW 3294->3296 3297 403610 3295->3297 3298 
40690a 5 API calls 3295->3298 3296->3295 3299 40689a 3 API calls 3297->3299 3298->3297 3300 403626 lstrlenA 3299->3300 3300->3297 3301 403636 3300->3301 3302 40690a 5 API calls 3301->3302 3303 40363d 3302->3303 3304 40690a 5 API calls 3303->3304 3305 403644 3304->3305 3306 40690a 5 API calls 3305->3306 3307 403650 #17 OleInitialize SHGetFileInfoW 3306->3307 3384 40653d lstrcpynW 3307->3384 3310 40369d GetCommandLineW 3385 40653d lstrcpynW 3310->3385 3312 4036af 3313 405e39 CharNextW 3312->3313 3314 4036d5 CharNextW 3313->3314 3322 4036e6 3314->3322 3315 4037e4 3316 4037f8 GetTempPathW 3315->3316 3386 4034fc 3316->3386 3318 403810 3319 403814 GetWindowsDirectoryW lstrcatW 3318->3319 3320 40386a DeleteFileW 3318->3320 3323 4034fc 12 API calls 3319->3323 3396 40307d GetTickCount GetModuleFileNameW 3320->3396 3321 405e39 CharNextW 3321->3322 3322->3315 3322->3321 3328 4037e6 3322->3328 3325 403830 3323->3325 3325->3320 3327 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3325->3327 3326 40387d 3329 403a59 ExitProcess OleUninitialize 3326->3329 3333 403932 3326->3333 3339 405e39 CharNextW 3326->3339 3332 4034fc 12 API calls 3327->3332 3480 40653d lstrcpynW 3328->3480 3330 403a69 3329->3330 3331 403a7e 3329->3331 3485 405b9d 3330->3485 3336 403a86 GetCurrentProcess OpenProcessToken 3331->3336 3337 403afc ExitProcess 3331->3337 3338 403862 3332->3338 3424 403bec 3333->3424 3343 403acc 3336->3343 3344 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3336->3344 3338->3320 3338->3329 3350 40389f 3339->3350 3346 40690a 5 API calls 3343->3346 3344->3343 3345 403941 3345->3329 3349 403ad3 3346->3349 3347 403908 3352 405f14 18 API calls 3347->3352 3348 403949 3351 405b08 5 API calls 3348->3351 3353 403ae8 ExitWindowsEx 3349->3353 3356 403af5 3349->3356 3350->3347 3350->3348 3354 40394e lstrcatW 3351->3354 3355 403914 3352->3355 3353->3337 3353->3356 3358 40396a lstrcatW lstrcmpiW 3354->3358 3359 40395f lstrcatW 3354->3359 3355->3329 3481 40653d 

Control-flow Graph
[Graph not reproduced. Legend: Executed / Not Executed. First block: 40352d-40357d (SetErrorMode, GetVersionExW).]
APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403550
• GetVersionExW.KERNEL32(?), ref: 00403579
• GetVersionExW.KERNEL32(0000011C), ref: 00403590
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
• OleInitialize.OLE32(00000000), ref: 0040366A
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
• CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000020,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000000), ref: 004036D6
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
• DeleteFileW.KERNEL32(1033), ref: 0040386F
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
  • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\SetupEngine.exe" ,00000000,?), ref: 0040397C
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
• CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\SetupEngine.exe,0042AA28,00000001), ref: 00403A0E
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
• ExitProcess.KERNEL32(?), ref: 00403A59
• OleUninitialize.OLE32(?), ref: 00403A5E
• ExitProcess.KERNEL32 ref: 00403A78
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
• OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
• ExitProcess.KERNEL32 ref: 00403B0C
Memory Dump Source
• Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
Similarity
• API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
• String ID: "C:\Users\user\AppData\Local\Temp\SetupEngine.exe" $&dsk_iosec=59474&dsk_mbsec=232&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=104&os_archi$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupEngine.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph
[Graph not reproduced. Legend: Executed / Not Executed. First block: 405c49-405c6f (call 405f14).]
APIs
• DeleteFileW.KERNEL32(?,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf9748.tmp\*.*,\*.*), ref: 00405CBA
• lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
• lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsf9748.tmp\*.*,?,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
• FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf9748.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsf9748.tmp\*.*,?,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
• FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
• FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                    • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsf9748.tmp\*.*$\*.*
                                                                                                                                                                                                                                                    • API String ID: 2035342205-2588389581
                                                                                                                                                                                                                                                    • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                                    • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                    • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                    • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                                    • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                                                                                      • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00010494,00000008), ref: 004058DC
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                    • String ID: <3J${
                                                                                                                                                                                                                                                    • API String ID: 590372296-190821585
                                                                                                                                                                                                                                                    • Opcode ID: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                                                                                                                                                    • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                    • String ID: <3J
                                                                                                                                                                                                                                                    • API String ID: 121052019-2958166104
                                                                                                                                                                                                                                                    • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                                                    • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                                      • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75573420), ref: 00403CED
                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                                                                                      • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                                                                                    • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                                                                                    • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                    • API String ID: 1975747703-4229781915
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                                                                                      • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                      • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupEngine.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                                                                                    • API String ID: 2803837635-142546187
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,00000000,0042528A,755723A0), ref: 004066A8
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                    • API String ID: 4260037668-4071883374
                                                                                                                                                                                                                                                    • Opcode ID: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                                                                                    • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                    • String ID: *B$ A$ A$... %d%%$}8@
                                                                                                                                                                                                                                                    • API String ID: 551687249-3029848762
                                                                                                                                                                                                                                                    • Opcode ID: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                                                                                    • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,"C:\Program Files (x86)\Fast!\Fast!.exe","C:\Program Files (x86)\Fast!\Fast!.exe",00000000,00000000,"C:\Program Files (x86)\Fast!\Fast!.exe",C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                      • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                    • String ID: "C:\Program Files (x86)\Fast!\Fast!.exe"$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsf9748.tmp$C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll
                                                                                                                                                                                                                                                    • API String ID: 1941528284-4210238493
                                                                                                                                                                                                                                                    • Opcode ID: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                                                                                    • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                                    • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\
                                                                                                                                                                                                                                                    • API String ID: 1495540970-1199026676
                                                                                                                                                                                                                                                    • Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                                                    • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 712 402c33-402c39 708->712 710 402714 709->710 711 402717-40271a 709->711 710->711 713 402720-40272f call 40649d 711->713 714 40287e-402886 711->714 713->714 718 402735 713->718 714->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 722 4027d9-4027dc 720->722 723 4027ef-4027ff call 4060b0 720->723 721->714 724 402766-40276b 721->724 722->723 725 4027de-4027e9 call 40610e 722->725 723->714 734 402801 723->734 724->714 727 402771-40277f 724->727 725->714 725->723 730 402785-402797 MultiByteToWideChar 727->730 731 40283a-402846 call 406484 727->731 730->734 735 402799-40279c 730->735 731->712 737 402804-402807 734->737 738 40279e-4027a9 735->738 737->731 739 402809-40280e 737->739 738->737 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 738->740 742 402810-402815 739->742 743 40284b-40284f 739->743 740->738 741 4027d2 740->741 741->734 742->743 746 402817-40282a 742->746 744 402851-402855 743->744 745 40286c-402878 SetFilePointer 743->745 747 402857-40285b 744->747 748 40285d-40286a 744->748 745->714 746->714 749 40282c-402832 746->749 747->745 747->748 748->714 749->719 750 402838 749->750 750->714
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                                      • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                    • String ID: 9
                                                                                                                                                                                                                                                    • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                    • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                                    • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                    • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                    • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                    • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                                    • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 758 402950-402969 call 402da6 call 405e83 763 402972-40298b call 406008 call 40602d 758->763 764 40296b-40296d call 402da6 758->764 770 402991-40299a 763->770 771 402a3b-402a40 763->771 764->763 772 4029a0-4029b7 GlobalAlloc 770->772 773 402a23-402a2b call 4032b4 770->773 774 402a42-402a4e DeleteFileW 771->774 775 402a55 771->775 772->773 776 4029b9-4029d6 call 4034e5 call 4034cf GlobalAlloc 772->776 779 402a30-402a35 CloseHandle 773->779 774->775 783 4029d8-4029e0 call 4032b4 776->783 784 402a0c-402a13 call 4060df 776->784 779->771 787 4029e5 783->787 788 402a18-402a1f GlobalFree 784->788 789 4029ff-402a01 787->789 788->773 790 402a03-402a06 GlobalFree 789->790 791 4029e7-4029fc call 405fe8 789->791 790->784 791->789
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2667972263-0
                                                                                                                                                                                                                                                    • Opcode ID: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                                                                                    • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 794 405f14-405f2f call 40653d call 405eb7 799 405f31-405f33 794->799 800 405f35-405f42 call 4067c4 794->800 801 405f8d-405f8f 799->801 804 405f52-405f56 800->804 805 405f44-405f4a 800->805 806 405f6c-405f75 lstrlenW 804->806 805->799 807 405f4c-405f50 805->807 808 405f77-405f8b call 405e0c GetFileAttributesW 806->808 809 405f58-405f5f call 406873 806->809 807->799 807->804 808->801 814 405f61-405f64 809->814 815 405f66-405f67 call 405e58 809->815 814->799 814->815 815->806
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                    • String ID: 4Wu$C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 3248276644-3726379035
                                                                                                                                                                                                                                                    • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                                    • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 817 405a6e-405ab9 CreateDirectoryW 818 405abb-405abd 817->818 819 405abf-405acc GetLastError 817->819 820 405ae6-405ae8 818->820 819->820 821 405ace-405ae2 SetFileSecurityW 819->821 821->818 822 405ae4 GetLastError 821->822 822->820
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                                                                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 3449924974-4083868402
                                                                                                                                                                                                                                                    • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                                    • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                    • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                                    • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf9748.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                                    • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf9748.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsf9748.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsf9748.tmp
                                                                                                                                                                                                                                                    • API String ID: 2655323295-1804388404
                                                                                                                                                                                                                                                    • Opcode ID: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                                                    • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                    • API String ID: 1716503409-1331003597
                                                                                                                                                                                                                                                    • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                                                    • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                      • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                      • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 1892508949-1788482285
                                                                                                                                                                                                                                                    • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                                                    • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                                      • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                      • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                                                                                    • String ID: @$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 4215836453-1939985250
                                                                                                                                                                                                                                                    • Opcode ID: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                                                                                                                                                    • Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a67ec0d71784c57903e6e19cce9d8927263f5937a446752ff53b440bc5899183
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\), ref: 0040645C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseQueryValue
                                                                                                                                                                                                                                                    • String ID: Remove folder:
                                                                                                                                                                                                                                                    • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                                    • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                                                    • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,75573420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 1100898210-4083868402
                                                                                                                                                                                                                                                    • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                                    • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 334405425-0
                                                                                                                                                                                                                                                    • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                                                    • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(046CB2E0), ref: 00401C0B
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: "C:\Program Files (x86)\Fast!\Fast!.exe"
                                                                                                                                                                                                                                                    • API String ID: 3292104215-3718641704
                                                                                                                                                                                                                                                    • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                                                    • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                                      • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1655745494-0
                                                                                                                                                                                                                                                    • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                                    • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
                                                                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2567322000-0
                                                                                                                                                                                                                                                    • Opcode ID: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                                                                                                                                                    • Instruction ID: f5f2e02d25af80b97bb350a16654da7f97250589dc800b1049f4071f8343982b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CE0D8B1A00118FBDB109F54DE05E9E7B6EDF44750F110033FA01B6590D7B19E25DB94
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 542301482-1788482285
                                                                                                                                                                                                                                                    • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                                    • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                                    • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$EnableShow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1136574915-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                                                    • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3712363035-0
                                                                                                                                                                                                                                                    • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                                    • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                                                                                      • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                                                                                      • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                                                                                      • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                                                                                                                                    • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                                    • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                    • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                                    • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                    • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsf9748.tmp\, xrefs: 00403B31
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\
                                                                                                                                                                                                                                                    • API String ID: 2962429428-2432731695
                                                                                                                                                                                                                                                    • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                                                    • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                                                                                                                                    • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                                    • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000,0042528A,755723A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\), ref: 0040560C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                                                                                      • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                                                                                      • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                                                                                      • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                      • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                                                                                      • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                                                                                      • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1543427666-0
                                                                                                                                                                                                                                                    • Opcode ID: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                                                                                                                                                    • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce2c2b897b5b7a5940bd958f4af0b0a61f650836c27f4d249739cb61e324a33b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                                                                                                                                                      • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 327478801-0
                                                                                                                                                                                                                                                    • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                                    • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                                                                                                    • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                    • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                                                                    • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                    • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                    • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                    • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                                                                                                    • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                    • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 281422827-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(0001048C,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExecuteShell
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 587946157-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                                    • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                    • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                    • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                                                                                    • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                                    • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                                                                    • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                                                    • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                                                                                    • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                                                                                      • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                    • String ID: $M$N
                                                                                                                                                                                                                                                    • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                                    • Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                                                    • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                    • String ID: <3J$N$Remove folder:
                                                                                                                                                                                                                                                    • API String ID: 3103080414-3846938079
                                                                                                                                                                                                                                                    • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                                    • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                    • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                    • String ID: F
                                                                                                                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                    • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                                    • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                                                                                      • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                                                                                      • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                                      • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                                      • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                                      • Part of subcall function 004067C4: CharPrevW.USER32(?,?,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                                                                                      • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                                      • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                                      • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: <3J$A$C:\Program Files (x86)\Fast!$Remove folder:
                                                                                                                                                                                                                                                    • API String ID: 2624150263-2216784531
                                                                                                                                                                                                                                                    • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                                                    • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                                                                                      • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                                      • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                                    • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                                                                                      • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                                                                                      • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                    • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                                    • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                                    • Opcode ID: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                                                                                    • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                    • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                    • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                                                                                    • CharNextW.USER32(?,00000000,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                                                                                    • CharPrevW.USER32(?,?,75573420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 589700163-2246974252
                                                                                                                                                                                                                                                    • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                                    • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                    • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                                    • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                                                                                      • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsf9748.tmp\,00000000), ref: 00406779
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                    • API String ID: 2584051700-76309092
                                                                                                                                                                                                                                                    • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                                                    • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(0030CC0B,00000064,0030F578), ref: 00402FDC
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1354259210-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                                                                                    • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                    • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                                                    • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\, 4Wu,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,75573420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext
                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                    • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                    • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                                    • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                                                                                    • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                                                                                    • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 2659869361-4083868402
                                                                                                                                                                                                                                                    • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                                    • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll), ref: 00402695
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsf9748.tmp$C:\Users\user\AppData\Local\Temp\nsf9748.tmp\inetc.dll
                                                                                                                                                                                                                                                    • API String ID: 1659193697-884050351
                                                                                                                                                                                                                                                    • Opcode ID: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                                                    • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                    • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                                    • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                                                                                    • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                                                                                      • Part of subcall function 004044E5: SendMessageW.USER32(0001048C,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                    • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                                    • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,004030E9,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                                                                                    • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,004030E9,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\Temp\SetupEngine.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00405E58
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                                    • API String ID: 2709904686-3707357800
                                                                                                                                                                                                                                                    • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                                    • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000008.00000002.2011256201.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_8_2_400000_SetupEngine.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                    • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                                    • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:10.9%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:7.1%
                                                                                                                                                                                                                                                    Total number of Nodes:1764
                                                                                                                                                                                                                                                    Total number of Limit Nodes:17
be1490 5092->5294 5093->5044 5094 bda1b9 memcpy ??3@YAXPAX 5094->5098 5097 be2a7c SetFilePointerEx 5095->5097 5097->5079 5097->5092 5098->4978 5098->4982 5098->4983 5098->4990 5098->4994 5098->5000 5098->5024 5098->5046 5098->5048 5098->5054 5098->5061 5098->5065 5098->5066 5098->5075 5098->5083 5098->5090 5098->5094 5099 be2769 5098->5099 5123 be1640 5098->5123 5127 bdbfd5 5098->5127 5100 bda786 memcpy 5099->5100 5101 be2777 GetLastError 5100->5101 5103 be1330 4 API calls 5101->5103 5103->5088 5105 be138b 5104->5105 5106 becfa0 4 API calls 5105->5106 5107 be13ad GetCurrentThread SetThreadGroupAffinity 5106->5107 5107->4974 5107->4975 5109 be11ac GetLastError 5108->5109 5110 be11c3 LookupPrivilegeValueA 5108->5110 5111 be1330 4 API calls 5109->5111 5112 be11ee AdjustTokenPrivileges 5110->5112 5113 be11de GetLastError 5110->5113 5118 be11be 5111->5118 5114 be120d GetLastError 5112->5114 5115 be1205 GetLastError 5112->5115 5117 be1217 5113->5117 5114->5117 5114->5118 5115->5117 5116 be1330 4 API calls 5116->5118 5117->5116 5119 be122f FindCloseChangeNotification 5118->5119 5120 be1238 5118->5120 5119->5120 5121 becfa0 4 API calls 5120->5121 5122 be1247 5121->5122 5122->5098 5124 be1657 5123->5124 5126 be1660 5123->5126 5125 be1490 5 API calls 5124->5125 5125->5126 5126->5098 5128 bdbff6 GetLargePageMinimum 5127->5128 5129 bdc010 5127->5129 5130 bdc018 VirtualAlloc 5128->5130 5129->5130 5131 bdc062 5130->5131 5132 bdc030 5130->5132 5131->5098 5133 bdc047 5132->5133 5135 bdc03a memset 5132->5135 5334 bdc0e3 5133->5334 5135->5133 5137 be47e8 5136->5137 5138 be47c0 5136->5138 5139 be257d 5137->5139 5365 be50f1 5137->5365 5138->5139 5141 be47d0 memmove 5138->5141 5142 be4b56 5139->5142 5141->5139 5143 be4b64 5142->5143 5144 be2588 5143->5144 5424 be77cb 5143->5424 5146 be4b83 5144->5146 5147 be4b8f __EH_prolog3_catch 5146->5147 5148 be4baa 5147->5148 5149 be4bc9 5147->5149 5447 be54c5 5148->5447 5151 be4bc1 5149->5151 5456 be546e 5149->5456 5151->5025 5156 be46f4 
5155->5156 5158 be46de 5155->5158 5156->5158 5589 be5010 5156->5589 5158->5015 5160 be467f 5159->5160 5161 be4657 5159->5161 5164 be2b79 5160->5164 5607 be4fac 5160->5607 5162 be4667 memmove 5161->5162 5161->5164 5162->5164 5164->5023 5166 be16bc 5165->5166 5167 be16b6 5165->5167 5169 be1490 5 API calls 5166->5169 5167->5166 5168 be16c9 5167->5168 5170 be1640 5 API calls 5168->5170 5171 be16c5 5169->5171 5170->5171 5171->5068 5173 be173f 5172->5173 5615 be4dd7 5173->5615 5175 be1794 5177 be17f7 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 5175->5177 5178 be17d5 5175->5178 5176 be1b04 5179 be1b0e ??3@YAXPAX 5176->5179 5184 be1b16 5176->5184 5177->5176 5180 be813d 2 API calls 5177->5180 5182 be19b9 GetQueuedCompletionStatus 5177->5182 5185 be19b2 Sleep 5177->5185 5187 be1330 4 API calls 5177->5187 5190 be0d77 16 API calls 5177->5190 5192 be1490 5 API calls 5177->5192 5193 be18ff ReadFile 5177->5193 5194 be12f0 4 API calls 5177->5194 5197 be1960 GetLastError 5177->5197 5198 be1370 4 API calls 5177->5198 5200 be1932 5177->5200 5619 be170c rand 5177->5619 5620 bda975 QueryPerformanceCounter 5177->5620 5181 be80d1 GetTickCount64 5178->5181 5179->5184 5180->5177 5181->5175 5182->5177 5183 be1aea GetLastError 5182->5183 5183->5177 5186 be1b47 5183->5186 5184->4982 5185->5182 5188 be1330 4 API calls 5186->5188 5187->5177 5188->5176 5190->5177 5192->5177 5193->5177 5194->5177 5195 bdc075 rand 5196 be1950 WriteFile 5195->5196 5196->5177 5197->5177 5199 be1b1e GetLastError 5197->5199 5198->5177 5203 be1330 4 API calls 5199->5203 5200->5195 5202 be81c5 GetTickCount64 5200->5202 5202->5177 5203->5176 5205 bdaa98 _ftol2 5204->5205 5205->4972 5210 be134b 5207->5210 5208 becfa0 4 API calls 5209 be1367 5208->5209 5209->4982 5210->5208 5212 be1288 DeviceIoControl 5211->5212 5213 be1280 GetLastError 5211->5213 5214 be12a1 GetLastError 5212->5214 5219 be12d0 5212->5219 5216 be12e2 5213->5216 5217 be12b1 GetOverlappedResult 5214->5217 5214->5219 5215 be12d9 CloseHandle 5215->5216 
5216->5061 5218 be12c6 GetLastError 5217->5218 5217->5219 5218->5219 5219->5215 5219->5216 5221 be10b8 GetLastError 5220->5221 5222 be10d4 DeviceIoControl 5220->5222 5223 be1330 4 API calls 5221->5223 5224 be10f9 GetLastError 5222->5224 5225 be1135 CloseHandle 5222->5225 5230 be10c9 5223->5230 5226 be1106 WaitForSingleObject 5224->5226 5229 be1128 5224->5229 5225->5230 5227 be1115 GetLastError 5226->5227 5228 be1123 5226->5228 5227->5229 5228->5225 5231 be1330 4 API calls 5229->5231 5232 becfa0 4 API calls 5230->5232 5231->5228 5233 be116c 5232->5233 5233->5098 5235 be0ffc DeviceIoControl 5234->5235 5236 be0fe3 GetLastError 5234->5236 5237 be105d CloseHandle 5235->5237 5238 be1021 GetLastError 5235->5238 5239 be1330 4 API calls 5236->5239 5241 be0ff4 5237->5241 5240 be102e WaitForSingleObject 5238->5240 5244 be1050 5238->5244 5239->5241 5242 be103d GetLastError 5240->5242 5243 be104b 5240->5243 5246 becfa0 4 API calls 5241->5246 5242->5244 5243->5237 5245 be1330 4 API calls 5244->5245 5245->5243 5247 be107c 5246->5247 5247->5061 5666 bdc26e 5248->5666 5252 bdea0e 5251->5252 5253 bdea21 5251->5253 5254 bda1b9 2 API calls 5252->5254 5253->5025 5255 bdea17 5254->5255 5256 bdc3d7 memmove 5255->5256 5256->5253 5258 be8112 5257->5258 5258->5092 5260 be8148 GetTickCount64 5259->5260 5261 be8171 5259->5261 5262 be8155 5260->5262 5261->5262 5263 be8177 5261->5263 5262->5263 5264 be815c 5262->5264 5265 be8180 GetTickCount64 5262->5265 5263->5092 5264->5092 5266 be81a0 5265->5266 5266->5092 5267->5092 5268->5092 5270 bdc0a7 rand 5269->5270 5271 bdc097 WriteFile 5269->5271 5270->5271 5271->5092 5273 be81fe 5272->5273 5274 be81e3 5272->5274 5273->5092 5274->5273 5275 be81e8 GetTickCount64 5274->5275 5275->5273 5277 be0d8d 5276->5277 5279 be0e55 5277->5279 5669 bda975 QueryPerformanceCounter 5277->5669 5279->5092 5280 be0e13 5280->5279 5282 be0e4a 5280->5282 5283 be0e57 5280->5283 5281 be0d9c 5281->5280 5285 be0e1a 5281->5285 5286 be0e02 5281->5286 5678 bec7d3 5282->5678 5284 
bec7d3 11 API calls 5283->5284 5284->5279 5289 be556e 10 API calls 5285->5289 5670 be556e 5286->5670 5289->5280 5291 be130b 5290->5291 5292 becfa0 4 API calls 5291->5292 5293 be1327 5292->5293 5293->5092 5295 be14bb 5294->5295 5297 be14f4 __aullrem 5295->5297 5733 be13b6 rand rand rand rand rand 5295->5733 5298 be15cc __aulldiv __aullrem 5297->5298 5299 be1640 5 API calls 5297->5299 5298->5092 5299->5298 5301 be1f0e 5300->5301 5308 be1ddf 5300->5308 5302 be1f17 WaitForSingleObjectEx 5301->5302 5303 be1f3c 5301->5303 5307 be1f09 5301->5307 5302->5301 5304 be1330 4 API calls 5303->5304 5304->5307 5307->4982 5308->5301 5309 be1e3b ReadFileEx 5308->5309 5310 bdc075 rand 5308->5310 5312 be1edf GetLastError 5308->5312 5734 bda975 QueryPerformanceCounter 5308->5734 5735 be170c rand 5308->5735 5309->5308 5311 be1e8b WriteFileEx 5310->5311 5311->5308 5314 be1330 4 API calls 5312->5314 5314->5307 5316 bda107 ??3@YAXPAX 5315->5316 5317 be2e05 5316->5317 5318 bda107 ??3@YAXPAX 5317->5318 5319 be2e0d 5318->5319 5320 be2e27 5319->5320 5321 be2e14 ??3@YAXPAX 5319->5321 5322 bda107 ??3@YAXPAX 5320->5322 5321->5320 5323 be2e2f 5322->5323 5324 bda107 ??3@YAXPAX 5323->5324 5325 be2e37 5324->5325 5326 be2e4f 5325->5326 5327 be2e3c ??3@YAXPAX 5325->5327 5328 be2e67 5326->5328 5329 be2e54 ??3@YAXPAX 5326->5329 5327->5326 5330 bda107 ??3@YAXPAX 5328->5330 5329->5328 5331 be2e6f 5330->5331 5332 bda107 ??3@YAXPAX 5331->5332 5333 be2e77 5332->5333 5335 bdc118 5334->5335 5336 bdc0f6 5334->5336 5338 bdc29b 11 API calls 5335->5338 5340 bdc10a 5335->5340 5336->5335 5337 bdc0fa 5336->5337 5337->5340 5341 bdc29b 5337->5341 5338->5340 5340->5131 5342 bdc2ae 5341->5342 5343 bdc2e5 5341->5343 5344 bdc2e9 5342->5344 5346 bdc2c2 5342->5346 5343->5340 5362 bdc465 5344->5362 5352 bdc475 5346->5352 5353 bdc4a3 memmove 5352->5353 5355 bdc489 5352->5355 5356 bdc4c8 ??3@YAXPAX 5353->5356 5357 bdc4d1 5353->5357 5354 bdc4eb 5359 becbe6 std::tr1::_Xmem 2 API calls 5354->5359 5355->5354 5358 beca2b 2 API calls 
5355->5358 5356->5357 5357->5343 5360 bdc49c 5358->5360 5361 bdc4f0 5359->5361 5360->5353 5360->5354 5363 becc0a 2 API calls 5362->5363 5364 bdc46f 5363->5364 5366 be510c 5365->5366 5367 be5144 5365->5367 5368 be514a 5366->5368 5371 be511f 5366->5371 5367->5139 5369 bdc465 2 API calls 5368->5369 5370 be514f 5369->5370 5372 be5178 5370->5372 5373 be51c0 5370->5373 5378 be517e 5370->5378 5385 be5a5c 5371->5385 5390 be5ff0 5372->5390 5376 bdc465 2 API calls 5373->5376 5377 be51c5 5376->5377 5379 be5227 5377->5379 5380 be522d 5377->5380 5383 be51fc 5377->5383 5378->5139 5379->5139 5381 bdc465 2 API calls 5380->5381 5382 be5232 5381->5382 5397 be5ab8 5383->5397 5386 be5ff0 4 API calls 5385->5386 5387 be5a6e memmove 5386->5387 5388 be5a9b 5387->5388 5389 be5a92 ??3@YAXPAX 5387->5389 5388->5367 5389->5388 5391 be5ffe 5390->5391 5392 be6015 5390->5392 5393 be600e 5391->5393 5394 beca2b 2 API calls 5391->5394 5392->5378 5393->5392 5395 becbe6 std::tr1::_Xmem 2 API calls 5393->5395 5394->5393 5396 be6020 5395->5396 5406 bdc42f 5397->5406 5401 be5b29 5401->5379 5402 be5b20 ??3@YAXPAX 5402->5401 5403 be5ae5 5403->5401 5403->5402 5404 bda1b9 2 API calls 5403->5404 5405 be5b1a 5403->5405 5404->5403 5405->5402 5407 bdc454 5406->5407 5408 bdc43d 5406->5408 5413 be757e 5407->5413 5410 beca2b 2 API calls 5408->5410 5412 bdc44d 5408->5412 5409 becbe6 std::tr1::_Xmem 2 API calls 5411 bdc45f 5409->5411 5410->5412 5412->5407 5412->5409 5414 be758d 5413->5414 5415 be75a5 5414->5415 5417 bdc244 5414->5417 5415->5403 5420 bdc3d7 5417->5420 5421 bdc3e9 5420->5421 5423 bdc262 5420->5423 5422 bdc3f1 memmove 5421->5422 5421->5423 5422->5423 5423->5414 5435 bda107 5424->5435 5427 bda107 ??3@YAXPAX 5428 be77e6 5427->5428 5438 be4c1f 5428->5438 5430 be77ee 5431 be4c1f 3 API calls 5430->5431 5432 be77f6 5431->5432 5433 bda1b9 2 API calls 5432->5433 5434 be7801 5433->5434 5434->5143 5436 bda124 5435->5436 5437 bda111 ??3@YAXPAX 5435->5437 5436->5427 5437->5436 5439 bda107 ??3@YAXPAX 5438->5439 5440 
be4c2c 5439->5440 5443 be6130 5440->5443 5444 be4c33 ??3@YAXPAX 5443->5444 5445 be6148 5443->5445 5444->5430 5446 be6149 ??3@YAXPAX 5445->5446 5446->5444 5446->5446 5448 be54dd 5447->5448 5453 be54ec 5447->5453 5450 be54e2 5448->5450 5448->5453 5449 be54e7 5449->5151 5452 be4b56 5 API calls 5450->5452 5451 be5511 5451->5449 5455 be77cb 5 API calls 5451->5455 5452->5449 5453->5449 5453->5451 5468 be6bd6 5453->5468 5455->5451 5457 be548f 5456->5457 5458 be4bd7 5456->5458 5459 be54ba 5457->5459 5460 be54a1 5457->5460 5464 be682d 5458->5464 5461 bdc465 2 API calls 5459->5461 5525 be5d1c 5460->5525 5462 be54bf 5461->5462 5466 be6839 __EH_prolog3_catch 5464->5466 5465 be688d 5465->5151 5466->5465 5577 be0cc2 5466->5577 5469 bdea01 3 API calls 5468->5469 5470 be6be8 5469->5470 5479 be6d4e 5470->5479 5473 be6d4e 9 API calls 5474 be6c54 5473->5474 5485 be6d8d 5474->5485 5477 be6d8d ??3@YAXPAX 5478 be6c78 5477->5478 5478->5453 5480 be6d68 5479->5480 5481 be6c48 5479->5481 5482 be6130 ??3@YAXPAX 5480->5482 5481->5473 5483 be6d77 5482->5483 5489 be6161 5483->5489 5486 be6db4 5485->5486 5487 be6c66 5485->5487 5488 bda107 ??3@YAXPAX 5486->5488 5487->5477 5488->5487 5490 be6190 5489->5490 5491 be6180 5489->5491 5504 be6353 5490->5504 5492 be6188 5491->5492 5493 be61b6 5491->5493 5499 bdecf1 5492->5499 5496 bdc465 2 API calls 5493->5496 5498 be61bb 5496->5498 5508 bdebcd 5499->5508 5501 bded04 5502 bded2c 5501->5502 5503 bded23 ??3@YAXPAX 5501->5503 5502->5490 5503->5502 5505 be6373 5504->5505 5515 be643c 5505->5515 5507 be61a1 5507->5481 5509 bdebdb 5508->5509 5510 bdebf2 5508->5510 5511 beca2b 2 API calls 5509->5511 5513 bdebeb 5509->5513 5510->5501 5511->5513 5512 becbe6 std::tr1::_Xmem 2 API calls 5514 bdebfd 5512->5514 5513->5510 5513->5512 5516 be6462 5515->5516 5522 be6503 5515->5522 5517 be648b 5516->5517 5518 be65f1 5516->5518 5516->5522 5521 bdebcd 4 API calls 5517->5521 5519 bdc465 2 API calls 5518->5519 5520 be65f6 5519->5520 5523 be649f 5521->5523 5522->5507 
5523->5522 5524 be64fa ??3@YAXPAX 5523->5524 5524->5522 5526 be5d28 __EH_prolog3_catch 5525->5526 5534 be60f7 5526->5534 5530 be5d7c ??3@YAXPAX 5532 be5d85 5530->5532 5531 be5d4b 5531->5530 5531->5532 5533 be77cb 5 API calls 5531->5533 5532->5458 5533->5531 5535 be5d32 5534->5535 5536 be6105 5534->5536 5541 be75e3 5535->5541 5537 be6118 5536->5537 5538 beca2b 2 API calls 5536->5538 5537->5535 5539 becbe6 std::tr1::_Xmem 2 API calls 5537->5539 5538->5537 5540 be612a 5539->5540 5542 be75ef __EH_prolog3_catch 5541->5542 5543 be7650 5542->5543 5545 be797e 5542->5545 5543->5531 5546 be798a 5545->5546 5547 bdc244 memmove 5546->5547 5548 be7998 5547->5548 5553 be7b35 5548->5553 5550 be79fc 5551 be7b35 10 API calls 5550->5551 5552 be7a0c 5551->5552 5552->5542 5554 be7b41 5553->5554 5561 be65fc 5554->5561 5556 be7b64 5557 be6130 ??3@YAXPAX 5556->5557 5558 be7b8c 5557->5558 5559 be6161 8 API calls 5558->5559 5560 be7b95 5559->5560 5560->5550 5562 beca2b 2 API calls 5561->5562 5563 be6608 5562->5563 5564 becbe6 std::tr1::_Xmem 2 API calls 5563->5564 5566 be660d 5563->5566 5565 be6631 5564->5565 5571 be6e2c 5565->5571 5566->5556 5569 bdc244 memmove 5570 be665e 5569->5570 5570->5556 5572 beca2b 2 API calls 5571->5572 5573 be6e38 5572->5573 5574 be6643 5573->5574 5575 becbe6 std::tr1::_Xmem 2 API calls 5573->5575 5574->5569 5574->5570 5576 be6e62 5575->5576 5578 be0cce 5577->5578 5583 be4c43 5578->5583 5580 be0d16 5581 be4c43 9 API calls 5580->5581 5582 be0d22 5581->5582 5582->5466 5584 be4c4f 5583->5584 5585 be65fc 5 API calls 5584->5585 5586 be4c6a 5585->5586 5587 be6161 8 API calls 5586->5587 5588 be4c8a 5587->5588 5588->5580 5590 be5076 5589->5590 5591 be5031 5589->5591 5590->5158 5592 be507d 5591->5592 5595 be5046 5591->5595 5593 bdc465 2 API calls 5592->5593 5594 be5082 5593->5594 5597 be59db 5595->5597 5598 be59ef 5597->5598 5599 be5a07 5597->5599 5600 be5a51 5598->5600 5602 beca2b 2 API calls 5598->5602 5605 be5a2a ??3@YAXPAX 5599->5605 5606 be5a36 5599->5606 5601 becbe6 
std::tr1::_Xmem 2 API calls 5600->5601 5603 be5a56 5601->5603 5604 be5a00 5602->5604 5604->5599 5604->5600 5605->5606 5606->5590 5608 be4fff 5607->5608 5609 be4fc7 5607->5609 5608->5164 5610 be5005 5609->5610 5611 be4fda 5609->5611 5612 bdc465 2 API calls 5610->5612 5614 bdc475 6 API calls 5611->5614 5613 be500a 5612->5613 5614->5608 5616 be4e0c 5615->5616 5618 be4df6 5615->5618 5616->5618 5621 be5735 5616->5621 5618->5175 5619->5177 5620->5177 5622 be579b 5621->5622 5623 be5756 5621->5623 5622->5618 5624 be57a2 5623->5624 5626 be576b 5623->5626 5625 bdc465 2 API calls 5624->5625 5627 be57a7 5625->5627 5629 be5efa 5626->5629 5630 be5f0e 5629->5630 5631 be5f26 5629->5631 5632 be5f70 5630->5632 5634 beca2b 2 API calls 5630->5634 5635 be5f49 ??3@YAXPAX 5631->5635 5636 be5f55 5631->5636 5633 becbe6 std::tr1::_Xmem 2 API calls 5632->5633 5637 be5f75 5633->5637 5638 be5f1f 5634->5638 5635->5636 5636->5622 5644 be566f 5637->5644 5638->5631 5638->5632 5640 be5f8f 5641 be5fc9 5640->5641 5651 be5927 5640->5651 5641->5622 5645 be567d 5644->5645 5646 be5697 5644->5646 5647 be5690 5645->5647 5648 beca2b 2 API calls 5645->5648 5646->5640 5647->5646 5649 becbe6 std::tr1::_Xmem 2 API calls 5647->5649 5648->5647 5650 be56a2 5649->5650 5652 be595b ??3@YAXPAX 5651->5652 5654 be5935 5651->5654 5652->5641 5653 bda107 ??3@YAXPAX 5653->5654 5654->5652 5654->5653 5656 be52fd 5654->5656 5657 be5309 5656->5657 5658 be5331 5656->5658 5659 be531d ??3@YAXPAX 5657->5659 5661 be542f 5657->5661 5658->5654 5659->5658 5662 be543b 5661->5662 5663 be5466 5661->5663 5664 be5452 ??3@YAXPAX 5662->5664 5665 be77cb 5 API calls 5662->5665 5663->5657 5664->5663 5665->5662 5667 bda205 memcpy 5666->5667 5668 bda799 5667->5668 5668->5025 5669->5281 5671 be5583 5670->5671 5672 be560e 5671->5672 5685 be7762 5671->5685 5672->5280 5679 bec82f 5678->5679 5680 bec7e7 __aulldiv 5678->5680 5715 be829a ??0exception@@QAE@ABQBD 5679->5715 5683 bec812 5680->5683 5709 bec9b9 5680->5709 5682 bec83c _CxxThrowException 
5683->5279 5686 be65fc 5 API calls 5685->5686 5687 be55e7 5686->5687 5688 be7118 5687->5688 5689 be55f2 5688->5689 5690 be713a 5688->5690 5693 be693d 5689->5693 5691 becc0a 2 API calls 5690->5691 5692 be7144 5691->5692 5696 be6949 __EH_prolog3_catch 5693->5696 5694 be6989 5700 be6ee9 5694->5700 5696->5694 5698 be69dc 5696->5698 5697 be69b7 5697->5672 5706 be7036 5698->5706 5702 be6f04 5700->5702 5701 be6f75 5701->5697 5702->5701 5703 be6161 8 API calls 5702->5703 5704 be6f52 5703->5704 5704->5701 5705 be693d 9 API calls 5704->5705 5705->5704 5707 be704a ??3@YAXPAX 5706->5707 5708 be7067 5706->5708 5707->5708 5708->5697 5710 bec9d4 5709->5710 5712 bec9e8 5709->5712 5716 be7706 5710->5716 5714 bec9e6 5712->5714 5720 be5622 5712->5720 5714->5683 5715->5682 5717 be771b 5716->5717 5718 be7720 5717->5718 5719 be7729 memmove 5717->5719 5718->5714 5719->5718 5721 be565f 5720->5721 5722 be563c 5720->5722 5721->5714 5723 be564c 5722->5723 5724 be5664 5722->5724 5728 be5df7 5723->5728 5725 bdc465 2 API calls 5724->5725 5726 be5669 5725->5726 5729 bdebcd 4 API calls 5728->5729 5730 be5e09 memmove 5729->5730 5731 be5e2d ??3@YAXPAX 5730->5731 5732 be5e36 5730->5732 5731->5732 5732->5721 5733->5297 5734->5308 5735->5308 6310 bed1e0 ??1type_info@@UAE 6311 bed1fb 6310->6311 6312 bed1f4 ??3@YAXPAX 6310->6312 6312->6311 6313 be1b60 6314 be1b9f 6313->6314 6315 be1b84 6313->6315 6317 be1be9 6314->6317 6318 be1330 4 API calls 6314->6318 6316 be1330 4 API calls 6315->6316 6338 be1b97 6316->6338 6319 be1c04 6317->6319 6321 be12f0 4 API calls 6317->6321 6318->6317 6320 be1c49 6319->6320 6322 be0d77 16 API calls 6319->6322 6323 be1490 5 API calls 6320->6323 6321->6319 6322->6320 6324 be1c5e __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 6323->6324 6325 be1370 4 API calls 6324->6325 6327 be1c9b 6325->6327 6326 be1ce0 6340 be170c rand 6326->6340 6327->6326 6327->6338 6339 bda975 QueryPerformanceCounter 6327->6339 6330 be1cf7 6331 be1d0e ReadFileEx 6330->6331 6332 be1d41 6330->6332 6336 be1d68 
6331->6336 6333 bdc075 rand 6332->6333 6334 be1d5f WriteFileEx 6333->6334 6334->6336 6335 be1d7d GetLastError 6337 be1330 4 API calls 6335->6337 6336->6335 6336->6338 6337->6338 6339->6326 6340->6330 6341 bdfa62 6368 be06e9 6341->6368 6344 bdfbe8 6345 be06e9 12 API calls 6346 bdfaac 6345->6346 6346->6344 6347 be06e9 12 API calls 6346->6347 6348 bdfacf 6347->6348 6348->6344 6349 be06e9 12 API calls 6348->6349 6350 bdfaf2 6349->6350 6350->6344 6351 be06e9 12 API calls 6350->6351 6352 bdfb15 6351->6352 6352->6344 6353 be0a84 12 API calls 6352->6353 6354 bdfb38 6353->6354 6354->6344 6355 be0a84 12 API calls 6354->6355 6356 bdfb5b 6355->6356 6356->6344 6357 be0a84 12 API calls 6356->6357 6358 bdfb7e 6357->6358 6358->6344 6359 be0a84 12 API calls 6358->6359 6360 bdfb9d 6359->6360 6360->6344 6361 be06e9 12 API calls 6360->6361 6362 bdfbbc 6361->6362 6362->6344 6378 be0475 6362->6378 6369 be06f5 __EH_prolog3_GS 6368->6369 6370 bdf15e 9 API calls 6369->6370 6371 be070e 6370->6371 6372 be076f VariantClear 6371->6372 6377 be0757 _wtoi SysFreeString 6371->6377 6373 bdf72b 4 API calls 6372->6373 6374 be0781 6373->6374 6375 bed100 4 API calls 6374->6375 6376 bdfa83 6375->6376 6376->6344 6376->6345 6377->6372 6379 be0481 __EH_prolog3_GS 6378->6379 6380 bdf15e 9 API calls 6379->6380 6387 be049c 6380->6387 6381 be055b VariantClear 6382 bdf72b 4 API calls 6381->6382 6383 be056d 6382->6383 6384 bed100 4 API calls 6383->6384 6385 bdfbd2 6384->6385 6385->6344 6391 be057c 6385->6391 6386 bdf72b 4 API calls 6386->6387 6387->6381 6387->6386 6388 be052c _wtoi 6387->6388 6420 bdca4a 6388->6420 6392 be0588 __EH_prolog3_GS 6391->6392 6393 bdf15e 9 API calls 6392->6393 6401 be05a3 6393->6401 6394 be06c8 VariantClear 6395 bdf72b 4 API calls 6394->6395 6396 be06da 6395->6396 6397 bed100 4 API calls 6396->6397 6398 bdfbdd 6397->6398 6398->6344 6407 bdfbf6 6398->6407 6399 bdf72b 4 API calls 6399->6401 6400 be0790 12 API calls 6400->6401 6401->6394 6401->6399 6401->6400 6406 bdca4a 7 API calls 
6401->6406 6432 bed7cd __iob_func 6401->6432 6433 bed7cd __iob_func 6401->6433 6403 be0668 fprintf 6403->6401 6405 be0690 fprintf 6405->6401 6406->6401 6408 bdfc05 __EH_prolog3_GS 6407->6408 6409 bdf15e 9 API calls 6408->6409 6410 bdfc24 6409->6410 6411 bdfd0a 6410->6411 6416 bdf72b 4 API calls 6410->6416 6419 bd9cf3 2 API calls 6410->6419 6434 bdfffd 6410->6434 6498 bdca85 6410->6498 6412 bdf72b 4 API calls 6411->6412 6413 bdfd15 VariantClear 6412->6413 6414 bed100 4 API calls 6413->6414 6415 bdfd29 6414->6415 6415->6344 6416->6410 6419->6410 6421 bdca5b 6420->6421 6423 bdca63 SysFreeString 6420->6423 6424 bdec98 6421->6424 6423->6387 6425 bdecab 6424->6425 6426 bdece2 6424->6426 6427 bdece6 6425->6427 6430 bdecbf 6425->6430 6426->6423 6428 bdc465 2 API calls 6427->6428 6429 bdeceb 6428->6429 6431 bdecf1 5 API calls 6430->6431 6431->6426 6432->6403 6433->6405 6435 be0009 __EH_prolog3_GS 6434->6435 6515 be086d 6435->6515 6438 be0430 6440 bda1b9 2 API calls 6438->6440 6439 be0072 6533 be0a54 6439->6533 6443 be0466 6440->6443 6441 bdc26e memcpy 6444 be004b 6441->6444 6446 bed100 4 API calls 6443->6446 6447 be0062 6444->6447 6449 bda205 memcpy 6444->6449 6448 be046d 6446->6448 6450 bda1b9 2 API calls 6447->6450 6448->6410 6449->6447 6450->6439 6453 be0a84 12 API calls 6454 be00d3 6453->6454 6454->6438 6455 be09aa 12 API calls 6454->6455 6456 be00f7 6455->6456 6456->6438 6457 be0a84 12 API calls 6456->6457 6458 be0121 6457->6458 6458->6438 6459 be0a84 12 API calls 6458->6459 6460 be0148 6459->6460 6460->6438 6461 be0a84 12 API calls 6460->6461 6462 be016f 6461->6462 6462->6438 6463 be0a84 12 API calls 6462->6463 6464 be0196 6463->6464 6464->6438 6465 be0a54 12 API calls 6464->6465 6466 be01bd 6465->6466 6466->6438 6467 be09aa 12 API calls 6466->6467 6468 be01e1 6467->6468 6468->6438 6469 be0a84 12 API calls 6468->6469 6471 be0211 6469->6471 6470 be0a84 12 API calls 6472 be023c 6470->6472 6471->6438 6471->6470 6472->6438 6473 be0a84 12 API calls 6472->6473 6474 be0269 
6473->6474 6474->6438 6475 be0a84 12 API calls 6474->6475 6476 be0294 6475->6476 6476->6438 6547 bdfe7d 6476->6547 6479 be0a54 12 API calls 6480 be02d0 6479->6480 6480->6438 6481 be0a54 12 API calls 6480->6481 6482 be02f8 6481->6482 6482->6438 6483 be0a54 12 API calls 6482->6483 6484 be0323 6483->6484 6484->6438 6485 be0a54 12 API calls 6484->6485 6486 be034a 6485->6486 6486->6438 6487 be09aa 12 API calls 6486->6487 6488 be036e 6487->6488 6488->6438 6489 be09aa 12 API calls 6488->6489 6490 be039c 6489->6490 6490->6438 6491 be06e9 12 API calls 6490->6491 6492 be03c6 6491->6492 6492->6438 6493 be0a84 12 API calls 6492->6493 6494 be03ea 6493->6494 6494->6438 6495 be09aa 12 API calls 6494->6495 6496 be040a 6495->6496 6496->6438 6497 be06e9 12 API calls 6496->6497 6497->6438 6499 bdca94 __EH_prolog3_GS 6498->6499 6500 bda7ef memcpy 6499->6500 6501 bdcaa5 6500->6501 6502 bdcaeb 6501->6502 6503 bdcab6 6501->6503 6504 bdcaf8 6502->6504 6506 bdea9a 13 API calls 6502->6506 6505 bdcad1 6503->6505 6599 bdea9a 6503->6599 6507 bdcae6 6504->6507 6509 bdee7b memmove 6504->6509 6505->6507 6618 bdee7b 6505->6618 6506->6504 6511 bd9cf3 2 API calls 6507->6511 6509->6507 6512 bdcb17 6511->6512 6513 bed100 4 API calls 6512->6513 6514 bdcb1c 6513->6514 6514->6410 6516 be087c __EH_prolog3_GS 6515->6516 6517 bdf15e 9 API calls 6516->6517 6522 be08a5 6517->6522 6518 be0983 VariantClear 6519 bdf72b 4 API calls 6518->6519 6520 be099b 6519->6520 6521 bed100 4 API calls 6520->6521 6523 be0030 6521->6523 6522->6518 6524 be08ff memset 6522->6524 6525 be0977 SysFreeString 6522->6525 6523->6438 6523->6439 6523->6441 6526 be091f 6524->6526 6525->6518 6526->6526 6527 be092a WideCharToMultiByte 6526->6527 6528 bda144 2 API calls 6527->6528 6529 be0961 6528->6529 6530 bdea01 3 API calls 6529->6530 6531 be0969 6530->6531 6532 bda1b9 2 API calls 6531->6532 6532->6525 6534 be06e9 12 API calls 6533->6534 6535 be0081 6534->6535 6535->6438 6536 be09aa 6535->6536 6537 be09b6 __EH_prolog3_GS 6536->6537 6538 
bdf15e 9 API calls 6537->6538 6543 be09cf 6538->6543 6539 be0a33 VariantClear 6540 bdf72b 4 API calls 6539->6540 6541 be0a45 6540->6541 6542 bed100 4 API calls 6541->6542 6544 be00a5 6542->6544 6543->6539 6545 be0a2a SysFreeString 6543->6545 6546 be0a18 _wtoi64 6543->6546 6544->6438 6544->6453 6545->6539 6546->6545 6548 bdfe89 __EH_prolog3_GS 6547->6548 6549 bdf15e 9 API calls 6548->6549 6555 bdfeaa 6549->6555 6550 bdffdc VariantClear 6551 bdf72b 4 API calls 6550->6551 6552 bdffee 6551->6552 6553 bed100 4 API calls 6552->6553 6554 bdfff5 6553->6554 6554->6438 6554->6479 6555->6550 6556 bdffd4 6555->6556 6557 be086d 18 API calls 6555->6557 6558 bdf72b 4 API calls 6556->6558 6561 bdff4b 6557->6561 6558->6550 6559 bdff92 6560 bda1b9 2 API calls 6559->6560 6560->6556 6561->6559 6569 bdc383 6561->6569 6563 bdff70 6563->6559 6564 bdc383 memcmp 6563->6564 6565 bdff8e 6564->6565 6565->6559 6566 bdc383 memcmp 6565->6566 6567 bdffb2 6566->6567 6567->6559 6573 bdfd31 6567->6573 6570 bdc391 6569->6570 6571 bdc3bb 6570->6571 6572 bdc3aa memcmp 6570->6572 6571->6563 6572->6571 6574 bdfd3d __EH_prolog3_GS 6573->6574 6575 bdf15e 9 API calls 6574->6575 6581 bdfd5e 6575->6581 6576 bdfe5c VariantClear 6577 bdf72b 4 API calls 6576->6577 6578 bdfe6e 6577->6578 6579 bed100 4 API calls 6578->6579 6580 bdfe75 6579->6580 6580->6559 6581->6576 6582 bdfe54 6581->6582 6584 be09aa 12 API calls 6581->6584 6583 bdf72b 4 API calls 6582->6583 6583->6576 6585 bdfdea 6584->6585 6585->6582 6586 be086d 18 API calls 6585->6586 6587 bdfe2a 6586->6587 6588 bdfe49 6587->6588 6590 bdc26e memcpy 6587->6590 6589 bda1b9 2 API calls 6588->6589 6589->6582 6591 bdfe42 6590->6591 6593 bdc9c7 6591->6593 6594 bdc9d3 6593->6594 6595 bdc9ee 6594->6595 6596 bda205 memcpy 6594->6596 6597 bda1b9 2 API calls 6595->6597 6596->6595 6598 bdc9fa 6597->6598 6598->6588 6600 bdeab8 6599->6600 6601 bdeafa 6599->6601 6602 bdeb00 6600->6602 6605 bdeacd 6600->6605 6601->6505 6603 bdc465 2 API calls 6602->6603 6604 bdeb05 6603->6604 
6606 bdebc2 6604->6606 6608 beca2b 2 API calls 6604->6608 6615 bdeb46 6604->6615 6623 bdec03 6605->6623 6609 becbe6 std::tr1::_Xmem 2 API calls 6606->6609 6610 bdeb3c 6608->6610 6611 bdebc7 6609->6611 6610->6606 6610->6615 6612 bdeba6 6612->6505 6613 bdeb9d ??3@YAXPAX 6613->6612 6614 bda107 ??3@YAXPAX 6614->6615 6615->6612 6615->6613 6615->6614 6616 bda17a 3 API calls 6615->6616 6617 bdeb94 6615->6617 6616->6615 6617->6613 6619 bdc244 memmove 6618->6619 6620 bdee8d 6619->6620 6621 bdc244 memmove 6620->6621 6622 bdef9b 6621->6622 6622->6507 6624 bdc4f6 4 API calls 6623->6624 6625 bdec1b 6624->6625 6632 bdeda9 6625->6632 6627 bdec70 6627->6601 6628 bdec67 ??3@YAXPAX 6628->6627 6629 bdec30 6629->6627 6629->6628 6630 bd9cf3 2 API calls 6629->6630 6631 bdec61 6629->6631 6630->6629 6631->6628 6633 bdedb8 6632->6633 6634 bdedd6 6633->6634 6635 bdee7b memmove 6633->6635 6634->6629 6635->6633 6636 be4add 6637 be4afc 6636->6637 6638 be4b12 6636->6638 6642 be538e 6637->6642 6640 be4b10 6638->6640 6651 be5339 6638->6651 6643 be53a9 6642->6643 6646 be53ce 6642->6646 6643->6646 6650 be53b0 6643->6650 6644 be53ef 6645 be53c4 6644->6645 6649 be542f 6 API calls 6644->6649 6645->6640 6646->6644 6646->6645 6659 be6b9a 6646->6659 6648 be542f 6 API calls 6648->6650 6649->6644 6650->6645 6650->6648 6652 be537c 6651->6652 6653 be5358 6651->6653 6652->6640 6654 be536a 6653->6654 6655 be5383 6653->6655 6663 be5c3f 6654->6663 6656 bdc465 2 API calls 6655->6656 6657 be5388 6656->6657 6660 be6baa 6659->6660 6662 be6baf 6659->6662 6661 be542f 6 API calls 6660->6661 6661->6662 6662->6646 6670 be60c1 6663->6670 6665 be5cac 6665->6652 6666 be5ca3 ??3@YAXPAX 6666->6665 6667 be542f 6 API calls 6668 be5c57 6667->6668 6668->6665 6668->6666 6668->6667 6669 be5c9d 6668->6669 6669->6666 6671 be60cf 6670->6671 6672 be60e6 6670->6672 6673 beca2b 2 API calls 6671->6673 6675 be60df 6671->6675 6672->6668 6673->6675 6674 becbe6 std::tr1::_Xmem 2 API calls 6676 be60f1 6674->6676 6675->6672 6675->6674 6677 
be74d8 6678 bda107 ??3@YAXPAX 6677->6678 6679 be74ec 6678->6679 6680 be52fd 7 API calls 6679->6680 6681 be74f7 6680->6681 6682 be0b58 6683 be0b74 6682->6683 6684 be0b9e 6682->6684 6685 be0b84 memmove 6683->6685 6687 be0b7b 6683->6687 6684->6687 6688 be0be3 6684->6688 6685->6687 6689 be0bfd 6688->6689 6690 be0c33 6688->6690 6691 be0c39 6689->6691 6693 be0c0f 6689->6693 6690->6687 6692 bdc465 2 API calls 6691->6692 6694 be0c3e 6692->6694 6696 be0c44 6693->6696 6697 be0c58 6696->6697 6698 be0c70 memmove 6696->6698 6701 be0cb7 6697->6701 6703 beca2b 2 API calls 6697->6703 6699 be0c9d 6698->6699 6700 be0c94 ??3@YAXPAX 6698->6700 6699->6690 6700->6699 6702 becbe6 std::tr1::_Xmem 2 API calls 6701->6702 6704 be0cbc 6702->6704 6705 be0c69 6703->6705 6705->6698 6705->6701 6706 bed056 6709 becfb8 6706->6709 6710 becfc4 6709->6710 6711 becfeb _lock __dllonexit 6710->6711 6712 becfd5 _onexit 6710->6712 6718 bed048 _unlock 6711->6718 6715 bed03d 6712->6715 6716 bed5b4 4 API calls 6715->6716 6717 bed044 6716->6717 6718->6715 6719 be6fd6 6720 be6feb 6719->6720 6721 be7036 ??3@YAXPAX 6720->6721 6722 be7028 6721->6722 6723 bd9b50 6724 bd9b7d 6723->6724 6725 becfa0 4 API calls 6724->6725 6726 bd9b94 6725->6726 6728 bed5d0 _except_handler4_common 6729 bea5cd 6733 bea8a9 6729->6733 6734 bea5e0 _CIsqrt 6733->6734 6735 bea8c3 6733->6735 6735->6734 6738 be82c3 ??0exception@@QAE@ABQBD 6735->6738 6737 bea933 _CxxThrowException 6738->6737 6739 bebb4b 6740 bebb6e 6739->6740 6741 be834c 8 API calls 6740->6741 6742 bebc6a 6740->6742 6741->6740 4884 bdb845 4885 bdb862 4884->4885 4932 bda144 4885->4932 4888 bdb8ce 4936 bdc52f 4888->4936 4890 bdb8e0 4891 bdc52f ??0exception@@QAE@ABQBD _CxxThrowException 4890->4891 4892 bdb90c 4891->4892 4893 bdc52f ??0exception@@QAE@ABQBD _CxxThrowException 4892->4893 4894 bdb92c 4893->4894 4896 bdc52f ??0exception@@QAE@ABQBD _CxxThrowException 4894->4896 4897 bdb961 4894->4897 4895 bdbaeb 4898 bdc52f ??0exception@@QAE@ABQBD _CxxThrowException 4895->4898 
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE1F6A
                                                                                                                                                                                                                                                    • srand.MSVCRT ref: 00BE1FFE
                                                                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00BE2066
                                                                                                                                                                                                                                                    • SetThreadGroupAffinity.KERNELBASE(00000000,?,00000000), ref: 00BE2073
                                                                                                                                                                                                                                                    • atoi.MSVCRT ref: 00BE212D
                                                                                                                                                                                                                                                    • sprintf_s.MSVCRT ref: 00BE2146
                                                                                                                                                                                                                                                    • isalpha.MSVCRT ref: 00BE2161
                                                                                                                                                                                                                                                    • sprintf_s.MSVCRT ref: 00BE2188
                                                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,-C0000001,00000003,00000000,00000003,00000080,00000000,?), ref: 00BE223D
                                                                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(?,0000000C,?,00000004), ref: 00BE22EC
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(?,?), ref: 00BE2338
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE234B
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 00BE24C2
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE26CF
                                                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00BE2707
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00BE2715
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE2744
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 00BE2785
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE27FD
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00BE2856
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00BE2861
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000004,?,?,?), ref: 00BE28F9
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000010,00000001,00000004,?,00000000,?,00000004,?,?,?), ref: 00BE2955
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000010,00000000,00000000,00000000,00000004,?,00000000,?,00000004,?,?,?), ref: 00BE2979
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE2A57
                                                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000), ref: 00BE2A8F
                                                                                                                                                                                                                                                      • Part of subcall function 00BE813D: GetTickCount64.KERNEL32 ref: 00BE8148
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE2ACE
                                                                                                                                                                                                                                                    • CreateIoCompletionPort.KERNELBASE(00000010,?,00000000,00000001,?,?), ref: 00BE2B1D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE2B42
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE2C72
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,00000001,?,?), ref: 00BE2D1E
                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00BE2D95
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00BE2DAA
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00BE2DC3
                                                                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00BE2DD1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • thread %u started (random seed: %u), xrefs: 00BE254C
                                                                                                                                                                                                                                                    • Waiting for a signal to start failed (error code: %u), xrefs: 00BE2868
                                                                                                                                                                                                                                                    • SeLockMemoryPrivilege, xrefs: 00BE20BC
                                                                                                                                                                                                                                                    • Warning - file size is less than MaxFileSize, xrefs: 00BE2389
                                                                                                                                                                                                                                                    • t[%u:%u] error during %s error code: %u), xrefs: 00BE2ADE
                                                                                                                                                                                                                                                    • \\.\PhysicalDrive%u, xrefs: 00BE2134
                                                                                                                                                                                                                                                    • t[%u:%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 00BE2C93
                                                                                                                                                                                                                                                    • Error getting file size, xrefs: 00BE2756
                                                                                                                                                                                                                                                    • \\.\%c:, xrefs: 00BE2176
                                                                                                                                                                                                                                                    • FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x, xrefs: 00BE278D
                                                                                                                                                                                                                                                    • thread %u: waiting for a signal to start, xrefs: 00BE283C, 00BE2D04
                                                                                                                                                                                                                                                    • t[%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 00BE26E9
                                                                                                                                                                                                                                                    • Error setting file pointer. Error code: %d., xrefs: 00BE271C
                                                                                                                                                                                                                                                    • The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u, xrefs: 00BE27D3
                                                                                                                                                                                                                                                    • thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u), xrefs: 00BE24E2
                                                                                                                                                                                                                                                    • Warning: thread %u transfered %u bytes instead of %u bytes, xrefs: 00BE29A2
                                                                                                                                                                                                                                                    • The file is too small or there has been an error during getting file size, xrefs: 00BE2762
                                                                                                                                                                                                                                                    • Error opening file: %s [%u], xrefs: 00BE2805
                                                                                                                                                                                                                                                    • Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer., xrefs: 00BE2727
                                                                                                                                                                                                                                                    • thread %u: received signal to start, xrefs: 00BE287A, 00BE2D35
                                                                                                                                                                                                                                                    • write, xrefs: 00BE2AC9, 00BE2AD5
                                                                                                                                                                                                                                                    • unable to create IO completion port (error code: %u), xrefs: 00BE2B49
                                                                                                                                                                                                                                                    • affinitizing thread %u to Group %u / CPU %u, xrefs: 00BE2032
                                                                                                                                                                                                                                                    • FATAL ERROR: invalid filename, xrefs: 00BE282A
                                                                                                                                                                                                                                                    • ERROR:, xrefs: 00BE20B7
                                                                                                                                                                                                                                                    • read, xrefs: 00BE2AC2
                                                                                                                                                                                                                                                    • Error setting IO priority for file: %s [%u], xrefs: 00BE274C
                                                                                                                                                                                                                                                    • Error setting affinity mask in thread %u, xrefs: 00BE2083
                                                                                                                                                                                                                                                    • thread %u: Error setting file pointer, xrefs: 00BE2AB1
                                                                                                                                                                                                                                                    • thread %u starting: file '%s' relative thread %u random pattern, xrefs: 00BE2474
                                                                                                                                                                                                                                                    • t[%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00BE2A71
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
• Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000020,000000FF,000000B8,?,?), ref: 00BE119B
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 00BE11A2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00BE11AC
                                                                                                                                                                                                                                                    • LookupPrivilegeValueA.ADVAPI32(00000000,SeLockMemoryPrivilege,?), ref: 00BE11D4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00BE11DE
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,?), ref: 00BE1232
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastProcess$ChangeCloseCurrentFindLookupNotificationOpenPrivilegeTokenValue
                                                                                                                                                                                                                                                    • String ID: %s Error adjusting token privileges for %s (error code: %u)$%s Error looking up privilege value %s (error code: %u)$%s Error opening process token (error code: %u)$ERROR:$SeLockMemoryPrivilege
                                                                                                                                                                                                                                                    • API String ID: 3977855488-962059016
                                                                                                                                                                                                                                                    • Opcode ID: d53d7d445ce19994c9bcf548d22e86738aaef2e3eacc1c57fc4f5c646117fc09
                                                                                                                                                                                                                                                    • Instruction ID: ed27a9f731b16710bdd91040612959d705ba8dedd3e5bac020e6619845812cb7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d53d7d445ce19994c9bcf548d22e86738aaef2e3eacc1c57fc4f5c646117fc09
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB218371600245BFEB149BBA9C4EEBF7BBDEB41351B100569B616D3190EF304905CAB5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 945 be1446-be1480 NtQuerySystemInformation call becfa0 948 be1485-be1488 945->948
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL ref: 00BE1471
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                                                                                                                                    • Opcode ID: 3cf2da18307e9d50878af9d01cf9155ddd89ff6a31fe87f1d11b935a450595fe
                                                                                                                                                                                                                                                    • Instruction ID: 13d41d50ab5eebb7ff29f887c507de2a43653339bb67ac16c9ac6a54a00a94be
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cf2da18307e9d50878af9d01cf9155ddd89ff6a31fe87f1d11b935a450595fe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69E09B31600118FBD704DF59DC12FAE7B9CEB48310F018459B816DB190CE316D10DB94
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: sprintf_s$??3@memcpy
                                                                                                                                                                                                                                                    • String ID: </FilePath>$</Path>$</RandomDataSource>$</Target>$</WriteBufferContent>$<BaseFileOffset>%I64u</BaseFileOffset>$<BlockSize>%u</BlockSize>$<BurstSize>%u</BurstSize>$<DisableLocalCache>true</DisableLocalCache>$<DisableOSCache>true</DisableOSCache>$<FilePath>$<FileSize>%I64u</FileSize>$<IOPriority>* UNSUPPORTED *</IOPriority>$<IOPriority>1</IOPriority>$<IOPriority>2</IOPriority>$<IOPriority>3</IOPriority>$<InterlockedSequential>false</InterlockedSequential>$<InterlockedSequential>true</InterlockedSequential>$<MaxFileSize>%I64u</MaxFileSize>$<ParallelAsyncIO>false</ParallelAsyncIO>$<ParallelAsyncIO>true</ParallelAsyncIO>$<Path>$<Pattern>random</Pattern>$<Pattern>sequential</Pattern>$<Pattern>zero</Pattern>$<Random>%I64u</Random>$<RandomAccess>false</RandomAccess>$<RandomAccess>true</RandomAccess>$<RandomDataSource>$<RequestCount>%u</RequestCount>$<SequentialScan>false</SequentialScan>$<SequentialScan>true</SequentialScan>$<SizeInBytes>%I64u</SizeInBytes>$<StrideSize>%I64u</StrideSize>$<Target>$<TemporaryFile>false</TemporaryFile>$<TemporaryFile>true</TemporaryFile>$<ThinkTime>%u</ThinkTime>$<ThreadStride>%I64u</ThreadStride>$<ThreadsPerFile>%u</ThreadsPerFile>$<Throughput>%u</Throughput>$<UseLargePages>false</UseLargePages>$<UseLargePages>true</UseLargePages>$<WriteBufferContent>$<WriteRatio>%u</WriteRatio>$<WriteThrough>true</WriteThrough>
                                                                                                                                                                                                                                                    • API String ID: 615691289-193034654
                                                                                                                                                                                                                                                    • Opcode ID: 43d1eba2ad3862099565675d7f7c83faca4bb5d492400c6097475c6c49774b61
                                                                                                                                                                                                                                                    • Instruction ID: 4b6e0a8f0a15452767e4e454e5e29037e3a7c622c2f2ec3e6d78a0e7e9bdc624
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43d1eba2ad3862099565675d7f7c83faca4bb5d492400c6097475c6c49774b61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4302A7B1900299BBDF24EB60DC46EEAF6EDEB14314F0405DBF585A3351FA74AA80DB11
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • sprintf_s.MSVCRT ref: 00BDB8BC
                                                                                                                                                                                                                                                      • Part of subcall function 00BDB41D: sprintf_s.MSVCRT ref: 00BDB51C
                                                                                                                                                                                                                                                      • Part of subcall function 00BDB41D: sprintf_s.MSVCRT ref: 00BDB550
                                                                                                                                                                                                                                                      • Part of subcall function 00BDA1B9: memcpy.MSVCRT ref: 00BDA1DB
                                                                                                                                                                                                                                                      • Part of subcall function 00BDA1B9: ??3@YAXPAX@Z.MSVCRT ref: 00BDA1E4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: sprintf_s$??3@memcpy
                                                                                                                                                                                                                                                    • String ID: </Profile>$</TimeSpans>$<DiskIO>false</DiskIO>$<DiskIO>true</DiskIO>$<ImageLoad>false</ImageLoad>$<ImageLoad>true</ImageLoad>$<MemoryHardFaults>false</MemoryHardFaults>$<MemoryHardFaults>true</MemoryHardFaults>$<MemoryPageFaults>false</MemoryPageFaults>$<MemoryPageFaults>true</MemoryPageFaults>$<Network>false</Network>$<Network>true</Network>$<PrecreateFiles>CreateOnlyFilesWithConstantOrZeroSizes</PrecreateFiles>$<PrecreateFiles>CreateOnlyFilesWithConstantSizes</PrecreateFiles>$<PrecreateFiles>UseMaxSize</PrecreateFiles>$<Process>false</Process>$<Process>true</Process>$<Profile>$<Progress>%u</Progress>$<Registry>false</Registry>$<Registry>true</Registry>$<ResultFormat>* UNSUPPORTED *</ResultFormat>$<ResultFormat>text</ResultFormat>$<ResultFormat>xml</ResultFormat>$<Thread>false</Thread>$<Thread>true</Thread>$<TimeSpans>$<UseCyclesCounter>false</UseCyclesCounter>$<UseCyclesCounter>true</UseCyclesCounter>$<UsePagedMemory>false</UsePagedMemory>$<UsePagedMemory>true</UsePagedMemory>$<UsePerfTimer>false</UsePerfTimer>$<UsePerfTimer>true</UsePerfTimer>$<UseSystemTimer>false</UseSystemTimer>$<UseSystemTimer>true</UseSystemTimer>$<Verbose>false</Verbose>$<Verbose>true</Verbose>
                                                                                                                                                                                                                                                    • API String ID: 615691289-2790193338
                                                                                                                                                                                                                                                    • Opcode ID: 34dfbd271c0fba5810f127ede5e7307a0995cb3a3bb18d7d141320f4e7630af7
                                                                                                                                                                                                                                                    • Instruction ID: 1c2f6f27a95c7e5c754f8e05b6b8ae8d332e65f082577c062f9202a6f93de30b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34dfbd271c0fba5810f127ede5e7307a0995cb3a3bb18d7d141320f4e7630af7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4881C863D005A5BAD724AB219856FAAE6DCEF25324F0501FBF80557382FFA89D4487E0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
• Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: sprintf_s
                                                                                                                                                                                                                                                    • String ID: </Affinity>$</Targets>$</TimeSpan>$<Affinity>$<AffinityGroupAssignment Group="%u" Processor="%u"/>$<CalculateIopsStdDev>false</CalculateIopsStdDev>$<CalculateIopsStdDev>true</CalculateIopsStdDev>$<CompletionRoutines>false</CompletionRoutines>$<CompletionRoutines>true</CompletionRoutines>$<Cooldown>%u</Cooldown>$<DisableAffinity>false</DisableAffinity>$<DisableAffinity>true</DisableAffinity>$<Duration>%u</Duration>$<IoBucketDuration>%u</IoBucketDuration>$<MeasureLatency>false</MeasureLatency>$<MeasureLatency>true</MeasureLatency>$<RandSeed>%u</RandSeed>$<Targets>$<ThreadCount>%u</ThreadCount>$<TimeSpan>$<Warmup>%u</Warmup>
                                                                                                                                                                                                                                                    • API String ID: 2907819478-3937871512
                                                                                                                                                                                                                                                    • Opcode ID: 37d528722aeee136b99ad5f9c86e6dbeaa6677e526e9a36e3b02cc808fcce8d7
                                                                                                                                                                                                                                                    • Instruction ID: c095d8bffb6260a45578823bde48d9c5752737626e0a8a9e9c5d953f8d12dbed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37d528722aeee136b99ad5f9c86e6dbeaa6677e526e9a36e3b02cc808fcce8d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44918672900195BBDB20EB609C46EAAF6FCEB54314F0405EFF45593341EA78EE849B60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000010,00000001,?,00000000,?,?,00000060,00BE2D66), ref: 00BE1927
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000010,00000000,00000001,00000001,?,00000000,?,?,00000060,00BE2D66), ref: 00BE1953
                                                                                                                                                                                                                                                      • Part of subcall function 00BE1490: __aullrem.LIBCMT ref: 00BE1502
                                                                                                                                                                                                                                                      • Part of subcall function 00BE1490: __aullrem.LIBCMT ref: 00BE15DE
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1960
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(?,?,?,00000060,00BE2D66), ref: 00BE19B3
                                                                                                                                                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(00BE2D66,?,00000060,00000010,00000001,?,00000060,00BE2D66), ref: 00BE19CA
                                                                                                                                                                                                                                                      • Part of subcall function 00BDA975: QueryPerformanceCounter.KERNEL32(00000000,00000001,00000001,?,00BE1E0F,000000B8,00000000,?), ref: 00BDA980
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE1AB7
                                                                                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00BE1B0F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1B2D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • read, xrefs: 00BE1B21
                                                                                                                                                                                                                                                    • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00BE1ACF
                                                                                                                                                                                                                                                    • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 00BE1A0F
                                                                                                                                                                                                                                                    • write, xrefs: 00BE1B28, 00BE1B34
                                                                                                                                                                                                                                                    • t[%u] error during %s error code: %u), xrefs: 00BE1B38
                                                                                                                                                                                                                                                    • error during overlapped IO operation (error code: %u), xrefs: 00BE1B48
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
• Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLast__aullrem$??3@CompletionCounterPerformanceQueryQueuedReadSleepStatusUnothrow_t@std@@@Write__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID: Warning: thread %u transferred %u bytes instead of %u bytes$error during overlapped IO operation (error code: %u)$read$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$t[%u] error during %s error code: %u)$write
                                                                                                                                                                                                                                                    • API String ID: 202472602-3846729189
                                                                                                                                                                                                                                                    • Opcode ID: 58649f57087ca3fc799ae703d8ad981aa512ffdbf831bd67936d703e6d520c77
                                                                                                                                                                                                                                                    • Instruction ID: e402f659da514dc1e08ede7b05856903be4fd398d13d56fc01a5265aa3a3f639
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58649f57087ca3fc799ae703d8ad981aa512ffdbf831bd67936d703e6d520c77
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3E14E75E002589FCF14DFADC884AADBBF6EF48310F2544A9E919AB366DB319C41CB50
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • strcpy_s.MSVCRT ref: 00BE2EB3
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(00000000), ref: 00BE2EEB
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00BE2EFF
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE2F25
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
• Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesCreateDirectoryErrorFileLaststrcpy_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 354552961-0
                                                                                                                                                                                                                                                    • Opcode ID: d396aaff171a5537cccd26498e6b91c60dd3782db09c50eb0b422e1393624c62
                                                                                                                                                                                                                                                    • Instruction ID: 974437e54ac4e1b5dcef7a46a5f04311332ee3a134f0a22e73865657b321747d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d396aaff171a5537cccd26498e6b91c60dd3782db09c50eb0b422e1393624c62
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA11A3719082D4AAEB348B369C49BAA7BFCEF45350F5404D9E5C6D3081DFB499C5CB90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 887 bdbfd5-bdbff4 888 bdbff6-bdc00e GetLargePageMinimum 887->888 889 bdc010-bdc017 887->889 890 bdc018-bdc02e VirtualAlloc 888->890 889->890 891 bdc065-bdc06d 890->891 892 bdc030-bdc033 890->892 893 bdc035-bdc038 892->893 894 bdc053-bdc062 call bdc0e3 892->894 896 bdc03a-bdc045 memset 893->896 897 bdc047-bdc049 893->897 894->891 896->894 897->894 898 bdc04b-bdc051 897->898 898->894 898->898
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLargePageMinimum.KERNEL32 ref: 00BDBFF6
                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00BDC01B
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00BDC03D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocLargeMinimumPageVirtualmemset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3383278933-0
                                                                                                                                                                                                                                                    • Opcode ID: 3fda4ade151e3b3f417c2cafe69a6cfab3d34f97904fd6b3053fbc4977de4d8f
                                                                                                                                                                                                                                                    • Instruction ID: df4f513608f3119a511fc41361bad116bacb4eeb33087eee96f2eaec08d53abc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fda4ade151e3b3f417c2cafe69a6cfab3d34f97904fd6b3053fbc4977de4d8f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3211E3B190524BBBEB119B758884BBAFFACEB11340F04419AE94497341E6715C49C7E0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 900 bda58f-bda59b 901 bda59d-bda5a0 900->901 902 bda5af-bda5b2 900->902 903 bda5b5-bda5ba call becbe6 901->903 904 bda5a2-bda5a3 call beca2b 901->904 907 bda5a8-bda5ad 904->907 907->902 907->903
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::tr1::_Xmem.LIBCPMT ref: 00BDA5B5
                                                                                                                                                                                                                                                      • Part of subcall function 00BECA2B: malloc.MSVCRT ref: 00BECA42
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 257571584-2766056989
                                                                                                                                                                                                                                                    • Opcode ID: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                                                                                    • Instruction ID: 47b8c3a789db9194975d14845f7d009e69563e3ebd71dc766e68659286461e28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00D05E7130824E0A5A1C657E641652EB6CCCE64775314017B7527C66C0FF20EC01405A
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 909 bda49c-bda4b6 call bed187 912 bda4bd-bda4d4 909->912 913 bda4b8-bda4bb 909->913 914 bda4e7-bda4f2 call bda58f 912->914 915 bda4d6-bda4dd 912->915 913->914 919 bda4f7-bda52a 914->919 916 bda4df-bda4e2 915->916 917 bda4e4-bda4e6 915->917 916->914 917->914 921 bda52c-bda530 919->921 922 bda547-bda554 call bda1b9 919->922 923 bda536 921->923 924 bda532-bda534 921->924 929 bda55b-bda564 922->929 930 bda556-bda559 922->930 926 bda538-bda53a 923->926 924->926 926->922 928 bda53c-bda544 memcpy 926->928 928->922 931 bda568-bda571 call bed0e7 929->931 932 bda566 929->932 930->929 932->931
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_catchmemcpy
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1910038392-0
                                                                                                                                                                                                                                                    • Opcode ID: 2a33e8a7abefc42bab14014e8cd8ac7b7e8d6d72af432aa422d9d6fea1221759
                                                                                                                                                                                                                                                    • Instruction ID: fbc534dffb2f5a0dfad1305c0b27de2c7d84e23e96dbd8de3a801f6fec0d1419
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a33e8a7abefc42bab14014e8cd8ac7b7e8d6d72af432aa422d9d6fea1221759
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF212471B002029BDB24DF58D88176EF7F5EF90724F50429FE5526B3C1EBB0AA458B92
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 935 be5df7-be5e04 call bdebcd 937 be5e09-be5e2b memmove 935->937 938 be5e2d-be5e35 ??3@YAXPAX@Z 937->938 939 be5e36-be5e4b 937->939 938->939
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ??3@memmove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1783365933-0
                                                                                                                                                                                                                                                    • Opcode ID: a21ba9653f435c5901f9bf54f83c0f7acc78be1405f1505ba437c0e30c475246
                                                                                                                                                                                                                                                    • Instruction ID: caaa4aa6637dea97661df17ec6fe89689d785cd1c57e6f1ba07393d072a3b449
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a21ba9653f435c5901f9bf54f83c0f7acc78be1405f1505ba437c0e30c475246
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3F04F76400604EFC7319F29D884897FBF9EF85360724862AE99583254D731AA60CB90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 940 beca2b-beca30 941 beca3f-beca4b malloc 940->941 942 beca4d-beca4e 941->942 943 beca32-beca3d _callnewh 941->943 943->941 944 beca4f 943->944 944->944
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _callnewhmalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2285944120-0
                                                                                                                                                                                                                                                    • Opcode ID: c37e55d5510b448b6c22a1b9c040c866797046a46e28443faf44dc77a8ba1324
                                                                                                                                                                                                                                                    • Instruction ID: 72e230cbb814d3162688db21fb97f113eaaf1cb89eb73740b91b6fd1fd602f93
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c37e55d5510b448b6c22a1b9c040c866797046a46e28443faf44dc77a8ba1324
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAD0A93500818EA68F20AA2BEC2443E3ED9EA4036272810B0B80886469DF22CC53D544
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 949 bdebcd-bdebd9 950 bdebdb-bdebe0 949->950 951 bdebf2-bdebf5 949->951 952 bdebf8-bdebfd call becbe6 950->952 953 bdebe2-bdebe6 call beca2b 950->953 956 bdebeb-bdebf0 953->956 956->951 956->952
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::tr1::_Xmem.LIBCPMT ref: 00BDEBF8
                                                                                                                                                                                                                                                      • Part of subcall function 00BECA2B: malloc.MSVCRT ref: 00BECA42
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 257571584-0
                                                                                                                                                                                                                                                    • Opcode ID: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                                                                                    • Instruction ID: d6f77bbf0186a896bc18ffae47bca005d30912d6220d90744612e0e40297df3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A9D05E7120966E076F2C757E545682EB6CCCA84770354457B7537CE680EE22EC028119
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR: core %u is out of range, xrefs: 00BDD740, 00BDD7A9
                                                                                                                                                                                                                                                    • ERROR: incomplete affinity specification, xrefs: 00BDD7C7
                                                                                                                                                                                                                                                    • ERROR: syntax error parsing affinity at highlighted character-%s, xrefs: 00BDD769
                                                                                                                                                                                                                                                    • ERROR: group %u is out of range, xrefs: 00BDD70E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: fprintf
                                                                                                                                                                                                                                                    • String ID: ERROR: core %u is out of range$ERROR: group %u is out of range$ERROR: incomplete affinity specification$ERROR: syntax error parsing affinity at highlighted character-%s
                                                                                                                                                                                                                                                    • API String ID: 383729395-1019511092
                                                                                                                                                                                                                                                    • Opcode ID: 46a620357f094c6331ff68aadb41aad56f822e53b05d2d9f653362bf012f1a14
                                                                                                                                                                                                                                                    • Instruction ID: f85f0c8d4703e19dda5af18c087fc20b992061c5234247128d6d0444311d6986
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46a620357f094c6331ff68aadb41aad56f822e53b05d2d9f653362bf012f1a14
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B412931A85255AEEB205B74D89A7FEEFE4CF02710F1840D7ECD867392F6660C48DA81
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 00BE10AB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE10B8
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00070000,00000000,00000000,00000001,00000018,?,?), ref: 00BE10ED
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE10F9
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BE110B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1115
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00BE1138
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 00BE111C
                                                                                                                                                                                                                                                    • ERROR: Failed to create event (error code: %u), xrefs: 00BE10BF
                                                                                                                                                                                                                                                    • ERROR: Could not obtain drive geometry (error code: %u), xrefs: 00BE1129
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                                                    • String ID: ERROR: Could not obtain drive geometry (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                                                    • API String ID: 3935222316-3021154126
                                                                                                                                                                                                                                                    • Opcode ID: 8de42a9437050a2afda4f0367dadb715f6f9529fec381cade836037fd887c814
                                                                                                                                                                                                                                                    • Instruction ID: bc48ec50af808fafff88021d68b3d93af0984ab3664e384d36eb01a66e61e6dd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8de42a9437050a2afda4f0367dadb715f6f9529fec381cade836037fd887c814
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B218676900195BF9B119BBADC09DBFBBFEEB88710B200599F901E3150DF354D01D666
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00BED4CE
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00BED4DD
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00BED4E6
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00BED4EF
                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00BED504
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1445889803-0
                                                                                                                                                                                                                                                    • Opcode ID: 30ac127758d718a7ee47e449337d54f9d8546ad4c92aed7544ba2121a2a0e493
                                                                                                                                                                                                                                                    • Instruction ID: 77f5f106691f06e2a93ff0136748c8737cb2a6bff121b77c96369c7462156717
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30ac127758d718a7ee47e449337d54f9d8546ad4c92aed7544ba2121a2a0e493
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3116D71D01248EBCB10CBB9E9586BEB7F4FF18351F91489AD806D7254DF309A40CB54
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00BED735,00BD1E98), ref: 00BED601
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(00BED735,?,00BED735,00BD1E98), ref: 00BED60A
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409,?,00BED735,00BD1E98), ref: 00BED615
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00BED735,00BD1E98), ref: 00BED61C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3231755760-0
                                                                                                                                                                                                                                                    • Opcode ID: 1f7aa3fe0df66a464af7b57ecec1a57600aa869dadcc9aa118dc719b3b0be43a
                                                                                                                                                                                                                                                    • Instruction ID: 9718b4e24fa58edecef5ad210aa8d145ecfa7452fcc450d966d73c4b24e7e46c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f7aa3fe0df66a464af7b57ecec1a57600aa869dadcc9aa118dc719b3b0be43a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2D0CA73040208BBCB002BF1EC0CA693E2AEB88252F088001F70A83020CF318882CB69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • -yr<eventname> waits on event <eventname> before starting the run (including warmup), xrefs: 00BDD389
                                                                                                                                                                                                                                                    • -? display usage information, xrefs: 00BDCF3F
                                                                                                                                                                                                                                                    • -eNETWORK TCP/IP, UDP/IP send & receive, xrefs: 00BDD430
                                                                                                                                                                                                                                                    • IOPs time series in addition. [default=1000, 1 second]., xrefs: 00BDD031
                                                                                                                                                                                                                                                    • Additional groups/processors may be added, comma separated, or on separate parameters., xrefs: 00BDCF95
                                                                                                                                                                                                                                                    • completed I/O operations, counted separately by each thread , xrefs: 00BDD183
                                                                                                                                                                                                                                                    • (ignored if -r specified, -si conflicts with -T and -p), xrefs: 00BDD1F8
                                                                                                                                                                                                                                                    • -Sb enable caching (default, explicitly stated), xrefs: 00BDD22C
                                                                                                                                                                                                                                                    • -eIMAGE_LOAD image load, xrefs: 00BDD404
                                                                                                                                                                                                                                                    • Synchronization:, xrefs: 00BDD355
                                                                                                                                                                                                                                                    • -W<seconds> warm up time - duration of the test before measurements start [default=5s], xrefs: 00BDD2D5
                                                                                                                                                                                                                                                    • lasting 10 seconds:, xrefs: 00BDD4C8
                                                                                                                                                                                                                                                    • [default; use -n to disable default affinity], xrefs: 00BDCF63
                                                                                                                                                                                                                                                    • -v verbose mode, xrefs: 00BDD2A1
                                                                                                                                                                                                                                                    • Usage: %s [options] target1 [ target2 [ target3 ...] ], xrefs: 00BDCEDA
                                                                                                                                                                                                                                                    • -ep use paged memory for the NT Kernel Logger [default=non-paged memory], xrefs: 00BDD3E3
                                                                                                                                                                                                                                                    • -P<count> enable printing a progress dot after each <count> [default=65536], xrefs: 00BDD176
                                                                                                                                                                                                                                                    • IMPORTANT: a write test will destroy existing data without a warning, xrefs: 00BDD2C8
                                                                                                                                                                                                                                                    • -d<seconds> duration (in seconds) to run test [default=10s], xrefs: 00BDD03E
                                                                                                                                                                                                                                                    • Available options:, xrefs: 00BDCF34
                                                                                                                                                                                                                                                    • -yp<eventname> stops the run when event <eventname> is set; CTRL+C is bound to this event, xrefs: 00BDD39E
                                                                                                                                                                                                                                                    • -o<count> number of outstanding I/O requests per target per thread, xrefs: 00BDD135
                                                                                                                                                                                                                                                    • -Sh equivalent -Suw, xrefs: 00BDD239
                                                                                                                                                                                                                                                    • Size can be stated in bytes or KiB/MiB/GiB/blocks, xrefs: 00BDCFFD
                                                                                                                                                                                                                                                    • Event Tracing:, xrefs: 00BDD3C2
                                                                                                                                                                                                                                                    • absence of this switch indicates 100%% reads, xrefs: 00BDD2BB
                                                                                                                                                                                                                                                    • (ignored if -r is specified, makes sense only with -o2 or greater), xrefs: 00BDD169
                                                                                                                                                                                                                                                    • [default access=non-interlocked sequential, default stride=block size], xrefs: 00BDD1B7
                                                                                                                                                                                                                                                    • -S equivalent to -Su, xrefs: 00BDD21F
                                                                                                                                                                                                                                                    • (creates a notification event if <eventname> does not exist), xrefs: 00BDD36B, 00BDD370, 00BDD382, 00BDD394, 00BDD3A9
                                                                                                                                                                                                                                                    • %s -b4K -t2 -r -o32 -d10 -h testfile.dat, xrefs: 00BDD4A7
                                                                                                                                                                                                                                                    • may be specified, and groups/cores may be repeated. If no group is specified, 0 is assumed., xrefs: 00BDCF88
                                                                                                                                                                                                                                                    • to CPUs 0 and 1 (each file will have threads affinitized to both CPUs) and run read test, xrefs: 00BDD4BD
                                                                                                                                                                                                                                                    • r : the FILE_FLAG_RANDOM_ACCESS hint, xrefs: 00BDD072
                                                                                                                                                                                                                                                    • Create 8192KB file and run read test on it for 1 second:, xrefs: 00BDD461
                                                                                                                                                                                                                                                    • per-target: text output provides IOPs standard deviation, XML provides the full, xrefs: 00BDD024
                                                                                                                                                                                                                                                    • -w<percentage> percentage of write requests (-w and -w0 are equivalent and result in a read-only workload)., xrefs: 00BDD2AE
                                                                                                                                                                                                                                                    • -X<filepath> use an XML file for configuring the workload. Cannot be used with other parameters., xrefs: 00BDD2EF
                                                                                                                                                                                                                                                    • -eTHREAD thread start & end, xrefs: 00BDD3F9
                                                                                                                                                                                                                                                    • -t<count> number of threads per target (conflicts with -F), xrefs: 00BDD26D
                                                                                                                                                                                                                                                    • <partition_drive_letter>:, xrefs: 00BDCF22
                                                                                                                                                                                                                                                    • -f<rst> open file with one or more additional access hints, xrefs: 00BDD065
                                                                                                                                                                                                                                                    • By default, the write buffers are filled with a repeating pattern (0, 1, 2, ..., 255, 0, 1, ...), xrefs: 00BDD343
                                                                                                                                                                                                                                                    • -f<size>[K|M|G|b] target size - use only the first <size> bytes or KiB/MiB/GiB/blocks of the file/disk/partition,, xrefs: 00BDD04B
                                                                                                                                                                                                                                                    • Examples: -a0,1,2 and -ag0,0,1,2 are equivalent., xrefs: 00BDCFA2
                                                                                                                                                                                                                                                    • [default = q, query perf timer (qpc)], xrefs: 00BDD3D8
                                                                                                                                                                                                                                                    • [default: none], xrefs: 00BDD099
                                                                                                                                                                                                                                                    • -c<size>[K|M|G|b] create files of the given size., xrefs: 00BDCFF0
                                                                                                                                                                                                                                                    • -h deprecated, see -Sh, xrefs: 00BDD0DA
                                                                                                                                                                                                                                                    • -ag0,0,1,2 -ag1,0,1,2 is equivalent., xrefs: 00BDCFBC
                                                                                                                                                                                                                                                    • Available targets:, xrefs: 00BDCF01
                                                                                                                                                                                                                                                    • -ag group affinity - affinitize threads round-robin to cores in Processor Groups 0 - n., xrefs: 00BDCF4A
                                                                                                                                                                                                                                                    • -p start parallel sequential I/O operations with the same offset, xrefs: 00BDD15C
                                                                                                                                                                                                                                                    • Set block size to 4KB, create 2 threads per file, 32 overlapped (outstanding), xrefs: 00BDD483
                                                                                                                                                                                                                                                    • for example to test only the first sectors of a disk, xrefs: 00BDD058
                                                                                                                                                                                                                                                    • 2.0.17a, xrefs: 00BDCEEA
                                                                                                                                                                                                                                                    • makes sense only with #threads > 1, xrefs: 00BDD294
                                                                                                                                                                                                                                                    • [default=2], xrefs: 00BDD14F
                                                                                                                                                                                                                                                    • (offset from the beginning of the file), xrefs: 00BDCFE3
                                                                                                                                                                                                                                                    • -C<seconds> cool down time - duration of the test after measurements finished [default=0s]., xrefs: 00BDD00A
                                                                                                                                                                                                                                                    • note that this can not be specified when using completion routines, xrefs: 00BDD0C0
                                                                                                                                                                                                                                                    • non-conflicting flags may be combined in any order; ex: -Sbw, -Suw, -Swu, xrefs: 00BDD212
                                                                                                                                                                                                                                                    • (1=synchronous I/O, unless more than 1 thread is specified with -F), xrefs: 00BDD142
                                                                                                                                                                                                                                                    • Examples:, xrefs: 00BDD454
                                                                                                                                                                                                                                                    • -ag#,#[,#,...]> advanced CPU affinity - affinitize threads round-robin to the CPUs provided. The g# notation, xrefs: 00BDCF6E
                                                                                                                                                                                                                                                    • as seen by the target will not be truly sequential. Under -si the threads, xrefs: 00BDD1D1
                                                                                                                                                                                                                                                    • -B<offs>[K|M|G|b] base target offset in bytes or KiB/MiB/GiB/blocks [default=0], xrefs: 00BDCFD6
                                                                                                                                                                                                                                                    • -Sw enable writethrough (no hardware write caching), equivalent to FILE_FLAG_WRITE_THROUGH, xrefs: 00BDD260
                                                                                                                                                                                                                                                    • [default inactive], xrefs: 00BDD0CD
                                                                                                                                                                                                                                                    • specifies Processor Groups for the following CPU core #s. Multiple Processor Groups, xrefs: 00BDCF7B
                                                                                                                                                                                                                                                    • -Sr disable local caching, with remote sw caching enabled; only valid for remote filesystems, xrefs: 00BDD253
                                                                                                                                                                                                                                                    • -z[seed] set random seed [with no -z, seed=0; with plain -z, seed is based on system run time], xrefs: 00BDD2FC
                                                                                                                                                                                                                                                    • -I<priority> Set IO priority to <priority>. Available values are: 1-very low, 2-low, 3-normal (default), xrefs: 00BDD101
                                                                                                                                                                                                                                                    • t : the FILE_ATTRIBUTE_TEMPORARY hint, xrefs: 00BDD08C
                                                                                                                                                                                                                                                    • In non-interlocked mode, threads do not coordinate, so the pattern of offsets, xrefs: 00BDD1C4
                                                                                                                                                                                                                                                    • -L measure latency statistics, xrefs: 00BDD11B
                                                                                                                                                                                                                                                    • -ye<eventname> sets event <eventname> and quits, xrefs: 00BDD3B0
                                                                                                                                                                                                                                                    • but promotes a more sequential pattern., xrefs: 00BDD1EB
                                                                                                                                                                                                                                                    • -ePROCESS process start & end, xrefs: 00BDD3EE
                                                                                                                                                                                                                                                    • -i<count> number of IOs per burst; see -j [default: inactive], xrefs: 00BDD0E7
                                                                                                                                                                                                                                                    • -Z<size>[K|M|G|b] use a <size> buffer filled with random data as a source for write operations., xrefs: 00BDD326
                                                                                                                                                                                                                                                    • -Z<size>[K|M|G|b],<file> use a <size> buffer filled with data from <file> as a source for write operations., xrefs: 00BDD331
                                                                                                                                                                                                                                                    • -F<count> total number of threads (conflicts with -t), xrefs: 00BDD0A6
                                                                                                                                                                                                                                                    • -l Use large pages for IO buffers, xrefs: 00BDD10E
                                                                                                                                                                                                                                                    • file_path, xrefs: 00BDCF0C
                                                                                                                                                                                                                                                    • %s -c8192K -d1 testfile.dat, xrefs: 00BDD471
                                                                                                                                                                                                                                                    • -ys<eventname> signals event <eventname> before starting the actual run (no warmup), xrefs: 00BDD360
                                                                                                                                                                                                                                                    • -eMEMORY_HARD_FAULTS hard faults only, xrefs: 00BDD425
                                                                                                                                                                                                                                                    • -eREGISTRY registry calls, xrefs: 00BDD43B
                                                                                                                                                                                                                                                    • %s -c1G -b4K -t2 -d10 -a0,1 testfile1.dat testfile2.dat, xrefs: 00BDD4D6
                                                                                                                                                                                                                                                    • -D<milliseconds> Capture IOPs statistics in intervals of <milliseconds>; these are per-thread, xrefs: 00BDD017
                                                                                                                                                                                                                                                    • [default=0] (starting offset = base file offset + (thread number * <offs>), xrefs: 00BDD287
                                                                                                                                                                                                                                                    • -e<q|c|s> Use query perf timer (qpc), cycle count, or system timer respectively., xrefs: 00BDD3CD
                                                                                                                                                                                                                                                    • Write buffers:, xrefs: 00BDD310
                                                                                                                                                                                                                                                    • #<physical drive number>, xrefs: 00BDCF17
                                                                                                                                                                                                                                                    • s : the FILE_FLAG_SEQUENTIAL_SCAN hint, xrefs: 00BDD07F
                                                                                                                                                                                                                                                    • -Su disable software caching, equivalent to FILE_FLAG_NO_BUFFERING, xrefs: 00BDD246
                                                                                                                                                                                                                                                    • -Z zero buffers used for write tests, xrefs: 00BDD31B
                                                                                                                                                                                                                                                    • -S[bhruw] control caching behavior [default: caching is enabled, no writethrough], xrefs: 00BDD205
                                                                                                                                                                                                                                                    • access read test lasting 10 seconds:, xrefs: 00BDD499
                                                                                                                                                                                                                                                    • 2016/5/01, xrefs: 00BDCEE5
                                                                                                                                                                                                                                                    • -s[i]<size>[K|M|G|b] sequential stride size, offset between subsequent I/O operations, xrefs: 00BDD1AA
                                                                                                                                                                                                                                                    • -eDISK_IO physical disk IO, xrefs: 00BDD40F
                                                                                                                                                                                                                                                    • -j<milliseconds> interval in <milliseconds> between issuing IO bursts; see -i [default: inactive], xrefs: 00BDD0F4
                                                                                                                                                                                                                                                    • -n disable default affinity (-a), xrefs: 00BDD128
                                                                                                                                                                                                                                                    • version %s (%s), xrefs: 00BDCEEF
                                                                                                                                                                                                                                                    • -b<size>[K|M|G] block size in bytes or KiB/MiB/GiB [default=64K], xrefs: 00BDCFC9
                                                                                                                                                                                                                                                    • -ag0,0,1,2,g1,0,1,2 specifies the first three cores in groups 0 and 1., xrefs: 00BDCFAF
                                                                                                                                                                                                                                                    • -yf<eventname> signals event <eventname> after the actual run finishes (no cooldown), xrefs: 00BDD377
                                                                                                                                                                                                                                                    • Create two 1GB files, set block size to 4KB, create 2 threads per file, affinitize threads, xrefs: 00BDD4B2
                                                                                                                                                                                                                                                    • I/O operations per thread, disable all caching mechanisms and run block-aligned random, xrefs: 00BDD48E
                                                                                                                                                                                                                                                    • -r<align>[K|M|G|b] random I/O aligned to <align> in bytes/KiB/MiB/GiB/blocks (overrides -s), xrefs: 00BDD190
                                                                                                                                                                                                                                                    • -R<text|xml> output format. Default is text., xrefs: 00BDD19D
                                                                                                                                                                                                                                                    • manipulate a shared offset with InterlockedIncrement, which may reduce throughput,, xrefs: 00BDD1DE
                                                                                                                                                                                                                                                    • Group 0 is filled before Group 1, and so forth., xrefs: 00BDCF55
                                                                                                                                                                                                                                                    • -g<bytes per ms> throughput per-thread per-target throttled to given bytes per millisecond, xrefs: 00BDD0B3
                                                                                                                                                                                                                                                    • -eMEMORY_PAGE_FAULTS all page faults, xrefs: 00BDD41A
                                                                                                                                                                                                                                                    • -T<offs>[K|M|G|b] starting stride between I/O operations performed on the same target by different threads, xrefs: 00BDD27A
                                                                                                                                                                                                                                                    • -x use completion routines instead of I/O Completion Ports, xrefs: 00BDD2E2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: printf
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • WARNING: target access pattern will not be sequential, consider -si, xrefs: 00BDBF23
                                                                                                                                                                                                                                                    • ERROR: affinity assignment to group %u; system only has %u groups, xrefs: 00BDBC5C
                                                                                                                                                                                                                                                    • ERROR: -si conflicts with -p, xrefs: 00BDBEDC
                                                                                                                                                                                                                                                    • ERROR: -n and -a parameters cannot be used together, xrefs: 00BDBD3C
                                                                                                                                                                                                                                                    • ERROR: affinity assignment to group %u core %u not possible; group only has %u cores, xrefs: 00BDBCAA
                                                                                                                                                                                                                                                    • ERROR: -T conflicts with -r, xrefs: 00BDBE1B
                                                                                                                                                                                                                                                    • ERROR: -g throughput control cannot be used with -x completion routines, xrefs: 00BDBDBD
                                                                                                                                                                                                                                                    • WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64., xrefs: 00BDBBC5
                                                                                                                                                                                                                                                    • ERROR: -si conflicts with -T, xrefs: 00BDBEBB
                                                                                                                                                                                                                                                    • ERROR: -si conflicts with -r, xrefs: 00BDBE3C
                                                                                                                                                                                                                                                    • WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1, xrefs: 00BDBE77
                                                                                                                                                                                                                                                    • ERROR: no timespans specified, xrefs: 00BDBBFB
                                                                                                                                                                                                                                                    • WARNING: -z is ignored if -r is not provided, xrefs: 00BDBE93
                                                                                                                                                                                                                                                    • ERROR: -F and -t parameters cannot be used together, xrefs: 00BDBD96
                                                                                                                                                                                                                                                    • ERROR: need to specify -j<think time> with -i<burst size>, xrefs: 00BDBDEE
                                                                                                                                                                                                                                                    • ERROR: -p conflicts with -r, xrefs: 00BDBE61
                                                                                                                                                                                                                                                    • ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u, xrefs: 00BDBF68
                                                                                                                                                                                                                                                    • WARNING: single-threaded test, -si ignored, xrefs: 00BDBEFE
                                                                                                                                                                                                                                                    • ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix), xrefs: 00BDBCFF
                                                                                                                                                                                                                                                    • ERROR: -T has no effect unless multiple threads per target are used, xrefs: 00BDBF2F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: fprintf$__iob_func
                                                                                                                                                                                                                                                    • String ID: ERROR: -F and -t parameters cannot be used together$ERROR: -T conflicts with -r$ERROR: -T has no effect unless multiple threads per target are used$ERROR: -g throughput control cannot be used with -x completion routines$ERROR: -n and -a parameters cannot be used together$ERROR: -p conflicts with -r$ERROR: -si conflicts with -T$ERROR: -si conflicts with -p$ERROR: -si conflicts with -r$ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix)$ERROR: affinity assignment to group %u core %u not possible; group only has %u cores$ERROR: affinity assignment to group %u; system only has %u groups$ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u$ERROR: need to specify -j<think time> with -i<burst size>$ERROR: no timespans specified$WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1$WARNING: -z is ignored if -r is not provided$WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64.$WARNING: single-threaded test, -si ignored$WARNING: target access pattern will not be sequential, consider -si
                                                                                                                                                                                                                                                    • API String ID: 2177900033-102208394
                                                                                                                                                                                                                                                    • Opcode ID: 917cf1ad9c40253cfdc47df7b7410652d3ef48b16d67550034e1e3cfcada6606
                                                                                                                                                                                                                                                    • Instruction ID: 4bd3e11a2ec1bd2ec1bd1c391746e13ecfc480300adad150f790db2812756095
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 917cf1ad9c40253cfdc47df7b7410652d3ef48b16d67550034e1e3cfcada6606
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6C1A471508381EEE7249B24D84AF3BFBD4EB45B10F15488FF085A7292EBB4E944CB56
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE0004
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: __EH_prolog3_GS.LIBCMT ref: 00BE0877
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: memset.MSVCRT ref: 00BE090E
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00BE0949
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: SysFreeString.OLEAUT32(?), ref: 00BE097D
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: VariantClear.OLEAUT32(?), ref: 00BE098A
                                                                                                                                                                                                                                                      • Part of subcall function 00BE06E9: __EH_prolog3_GS.LIBCMT ref: 00BE06F0
                                                                                                                                                                                                                                                      • Part of subcall function 00BE06E9: _wtoi.MSVCRT ref: 00BE075A
                                                                                                                                                                                                                                                      • Part of subcall function 00BE06E9: SysFreeString.OLEAUT32(?), ref: 00BE0769
                                                                                                                                                                                                                                                      • Part of subcall function 00BE06E9: VariantClear.OLEAUT32(?), ref: 00BE0773
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_$ClearFreeStringVariant$ByteCharMultiWide_wtoimemset
                                                                                                                                                                                                                                                    • String ID: BaseFileOffset$BlockSize$BurstSize$DisableAllCache$DisableLocalCache$DisableOSCache$FileSize$IOPriority$InterlockedSequential$MaxFileSize$ParallelAsyncIO$Path$Random$RandomAccess$RequestCount$SequentialScan$StrideSize$TemporaryFile$ThinkTime$ThreadStride$ThreadsPerFile$Throughput$UseLargePages$WriteRatio$WriteThrough
                                                                                                                                                                                                                                                    • API String ID: 283221528-1607452813
                                                                                                                                                                                                                                                    • Opcode ID: 50eec431a4a5687e2daef9272c8514b09bd43f9a0b20fbffae1796a44c6a987f
                                                                                                                                                                                                                                                    • Instruction ID: 7916c4bc594045107222a27e13851acc6779f04675701a236a435acb8d78795a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 50eec431a4a5687e2daef9272c8514b09bd43f9a0b20fbffae1796a44c6a987f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7ED1A372C116AAABCB21FA69D881A9DF7F8AB04700F0551A2FD50B7352D7F0EC94C791
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BE1C76
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • read, xrefs: 00BE1D71, 00BE1D84
                                                                                                                                                                                                                                                    • t[%u:%u] error during %s error code: %u), xrefs: 00BE1D8C
                                                                                                                                                                                                                                                    • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00BE1C90
                                                                                                                                                                                                                                                    • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 00BE1BDF
                                                                                                                                                                                                                                                    • write, xrefs: 00BE1D78
                                                                                                                                                                                                                                                    • Thread %u failed executing an I/O operation (error code: %u), xrefs: 00BE1B8D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID: Thread %u failed executing an I/O operation (error code: %u)$Warning: thread %u transferred %u bytes instead of %u bytes$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$write
                                                                                                                                                                                                                                                    • API String ID: 885266447-1044934336
                                                                                                                                                                                                                                                    • Opcode ID: 07e6f5eafc54b2d93e4cb4262330e928ded62cb3f5553fa43dbe0791ea23c402
                                                                                                                                                                                                                                                    • Instruction ID: 7a0564366bfd4897a8cb2b1d12052d49342f3edde6b57b8d2d8a8ea1b3caf61b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07e6f5eafc54b2d93e4cb4262330e928ded62cb3f5553fa43dbe0791ea23c402
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2717C76504240EFCB14DF19C884A6ABBE5FF88314F1989E9F8589B362D731EC45CBA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 00BE0FD6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE0FE3
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00074004,00000000,00000000,?,00000020,?,00000003), ref: 00BE1015
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1021
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00BE1033
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE103D
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00BE1060
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 00BE1044
                                                                                                                                                                                                                                                    • ERROR: Could not obtain partition info (error code: %u), xrefs: 00BE1051
                                                                                                                                                                                                                                                    • ERROR: Failed to create event (error code: %u), xrefs: 00BE0FEA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                                                                                    • String ID: ERROR: Could not obtain partition info (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                                                                                    • API String ID: 3935222316-1037057180
                                                                                                                                                                                                                                                    • Opcode ID: 7efe085851dfb9c94c68909df75a309116bd86d30128e02647a2c4f7b71e85b0
                                                                                                                                                                                                                                                    • Instruction ID: 3f45f24e16512748f8be2cdd8da767ff6dc0b9779b0c8e82381513b484cfecde
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7efe085851dfb9c94c68909df75a309116bd86d30128e02647a2c4f7b71e85b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44218A32900194BF97359BBADC49DBFBBB9EB85720B204555F911E3160DF309D40C6A9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE0583
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE06CC
                                                                                                                                                                                                                                                      • Part of subcall function 00BE0790: __EH_prolog3_GS.LIBCMT ref: 00BE0797
                                                                                                                                                                                                                                                      • Part of subcall function 00BE0790: _wtoi.MSVCRT ref: 00BE081D
                                                                                                                                                                                                                                                      • Part of subcall function 00BE0790: SysFreeString.OLEAUT32(?), ref: 00BE082C
                                                                                                                                                                                                                                                      • Part of subcall function 00BE0790: SysFreeString.OLEAUT32(?), ref: 00BE083D
                                                                                                                                                                                                                                                    • fprintf.MSVCRT ref: 00BE066A
                                                                                                                                                                                                                                                    • fprintf.MSVCRT ref: 00BE0692
                                                                                                                                                                                                                                                      • Part of subcall function 00BED7CD: __iob_func.MSVCRT ref: 00BED7D2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR: profile specifies group assignment to core %u, out of range, xrefs: 00BE065C
                                                                                                                                                                                                                                                    • Processor, xrefs: 00BE0643
                                                                                                                                                                                                                                                    • Affinity/AffinityGroupAssignment, xrefs: 00BE0592
                                                                                                                                                                                                                                                    • Group, xrefs: 00BE0629
                                                                                                                                                                                                                                                    • ERROR: profile specifies group assignment group %u, out of range, xrefs: 00BE0684
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_String$ClearFreeVariantfprintf$AllocByteCharMultiWide__iob_func_wtoifree
                                                                                                                                                                                                                                                    • String ID: Affinity/AffinityGroupAssignment$ERROR: profile specifies group assignment group %u, out of range$ERROR: profile specifies group assignment to core %u, out of range$Group$Processor
                                                                                                                                                                                                                                                    • API String ID: 1108869389-696485494
                                                                                                                                                                                                                                                    • Opcode ID: 3d595f47fc3320272ca53f9112392f80c472a04d07edf325976c36939d361e8f
                                                                                                                                                                                                                                                    • Instruction ID: df2655057c598ea18f9f9a465b4654351b139cfd50fded61dfe605c812410a3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d595f47fc3320272ca53f9112392f80c472a04d07edf325976c36939d361e8f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49418E71D0126A9FCF10EFE4D845AAEBBF4AF48710F1140A9E901B7361DBB46E45DBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFileEx.KERNEL32(00000010,00000000,00000004,?,00BE1B60,000000B8,00000000,?), ref: 00BE1E66
                                                                                                                                                                                                                                                    • WriteFileEx.KERNEL32(00000010,00000000,?,00000000,00000004,?,00BE1B60,000000B8,00000000,?), ref: 00BE1E92
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1EEE
                                                                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000001,000000B8,00000000,?), ref: 00BE1F20
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorLastObjectReadSingleWaitWrite
                                                                                                                                                                                                                                                    • String ID: Error in thread %u during WaitForSingleObjectEx (in completion routines)$read$t[%u:%u] error during %s error code: %u)$write
                                                                                                                                                                                                                                                    • API String ID: 781436170-3983133461
                                                                                                                                                                                                                                                    • Opcode ID: 5bc4058e3fecce57bfb22875bf35e383079a72b7e3f5bd4518c03a5533787a23
                                                                                                                                                                                                                                                    • Instruction ID: a59bb072374f08f7002589e25f65dfb45325cc66e2a1ef9cbc8c9078c35552f5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bc4058e3fecce57bfb22875bf35e383079a72b7e3f5bd4518c03a5533787a23
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9513C75D00255EFCB14CFA9C881AAEFBF5FF48310F2585A9E815A3651DB30AC51CB90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BDFE84
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BDFFE0
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: __EH_prolog3_GS.LIBCMT ref: 00BE0877
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: memset.MSVCRT ref: 00BE090E
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00BE0949
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: SysFreeString.OLEAUT32(?), ref: 00BE097D
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: VariantClear.OLEAUT32(?), ref: 00BE098A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDC383: memcmp.MSVCRT ref: 00BDC3AF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_Variant$ByteCharMultiStringWide$AllocFreefreememcmpmemset
                                                                                                                                                                                                                                                    • String ID: Pattern$WriteBufferContent$random$sequential$zero
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • printf.MSVCRT ref: 00BD9DA0
                                                                                                                                                                                                                                                    • SetEvent.KERNEL32 ref: 00BD9DAD
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BD9DB7
                                                                                                                                                                                                                                                      • Part of subcall function 00BED7CD: __iob_func.MSVCRT ref: 00BED7D2
                                                                                                                                                                                                                                                    • fprintf.MSVCRT ref: 00BD9DCC
                                                                                                                                                                                                                                                    • SetConsoleCtrlHandler.KERNEL32(00BD9D90,00000000), ref: 00BD9DDC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***, xrefs: 00BD9D9B
                                                                                                                                                                                                                                                    • Warning: Setting abort event failed (error code: %u), xrefs: 00BD9DBE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
• Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleCtrlErrorEventHandlerLast__iob_funcfprintfprintf
                                                                                                                                                                                                                                                    • String ID: *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***$Warning: Setting abort event failed (error code: %u)
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00BE834C: memset.MSVCRT ref: 00BE8379
                                                                                                                                                                                                                                                      • Part of subcall function 00BE834C: vsprintf_s.MSVCRT ref: 00BE838D
                                                                                                                                                                                                                                                    • sprintf_s.MSVCRT ref: 00BE8F18
                                                                                                                                                                                                                                                    • sprintf_s.MSVCRT ref: 00BE8FED
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • -------------------------------------------, xrefs: 00BE8E50, 00BE8F90
                                                                                                                                                                                                                                                    • CPU | Usage | User | Kernel | Idle, xrefs: 00BE8E41
                                                                                                                                                                                                                                                    • %4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00BE8F0D
                                                                                                                                                                                                                                                    • avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00BE8FE2
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: sprintf_s$memsetvsprintf_s
                                                                                                                                                                                                                                                    • String ID: CPU | Usage | User | Kernel | Idle$%4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%$-------------------------------------------$avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?), ref: 00BE1273
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE1280
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,000902B8,00000000,00000000,00000000,00000000,00000000,?), ref: 00BE1297
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE12A1
                                                                                                                                                                                                                                                    • GetOverlappedResult.KERNEL32(00000000,?,00000000,00000001), ref: 00BE12BC
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00BE12C6
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00BE12DC
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CloseControlCreateDeviceEventHandleOverlappedResult
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ??3@$Xmemstd::tr1::_$mallocmemmove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                    • malloc.MSVCRT ref: 00BDF1E8
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                    • free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocByteCharClearH_prolog3_MultiStringVariantWidefreemalloc
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1623262104-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block, xrefs: 00BDCCC1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __aulldiv$fprintftoupper
                                                                                                                                                                                                                                                    • String ID: Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block
                                                                                                                                                                                                                                                    • API String ID: 2363179844-1600532622
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BDFD38
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BDFE60
                                                                                                                                                                                                                                                      • Part of subcall function 00BE09AA: __EH_prolog3_GS.LIBCMT ref: 00BE09B1
                                                                                                                                                                                                                                                      • Part of subcall function 00BE09AA: _wtoi64.MSVCRT ref: 00BE0A1B
                                                                                                                                                                                                                                                      • Part of subcall function 00BE09AA: SysFreeString.OLEAUT32(?), ref: 00BE0A2D
                                                                                                                                                                                                                                                      • Part of subcall function 00BE09AA: VariantClear.OLEAUT32(?), ref: 00BE0A37
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: __EH_prolog3_GS.LIBCMT ref: 00BE0877
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: memset.MSVCRT ref: 00BE090E
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00BE0949
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: SysFreeString.OLEAUT32(?), ref: 00BE097D
                                                                                                                                                                                                                                                      • Part of subcall function 00BE086D: VariantClear.OLEAUT32(?), ref: 00BE098A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_Variant$String$ByteCharFreeMultiWide$Alloc_wtoi64freememset
                                                                                                                                                                                                                                                    • String ID: FilePath$RandomDataSource$SizeInBytes
                                                                                                                                                                                                                                                    • API String ID: 315616386-221587684
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE047C
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • _wtoi.MSVCRT ref: 00BE052F
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE0543
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE055F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Affinity/AffinityAssignment, xrefs: 00BE048B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                                                                                    • String ID: Affinity/AffinityAssignment
                                                                                                                                                                                                                                                    • API String ID: 1474463088-139104479
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE0A8B
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • _wcsicmp.MSVCRT ref: 00BE0AFA
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE0B10
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE0B1A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wcsicmpfree
                                                                                                                                                                                                                                                    • String ID: true
                                                                                                                                                                                                                                                    • API String ID: 1156377413-4261170317
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE0877
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • memset.MSVCRT ref: 00BE090E
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00BE0949
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE097D
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE098A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharClearH_prolog3_MultiStringVariantWide$AllocFreefreememset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3350116639-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: rand
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415692148-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3670715282-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE0797
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF10B: SysFreeString.OLEAUT32 ref: 00BDF143
                                                                                                                                                                                                                                                    • _wtoi.MSVCRT ref: 00BE081D
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE082C
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE083D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeString$H_prolog3__wtoi
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2138719750-0
                                                                                                                                                                                                                                                    • Opcode ID: 4719bedb27322a86c0a913c7b66a15408f6f40958afbc5452805e483f30c6dcb
                                                                                                                                                                                                                                                    • Instruction ID: 0fe1236bb2cb992ad18bee73c687b0c58e5e6ac1bf4b0e11c9c47adcba101880
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4719bedb27322a86c0a913c7b66a15408f6f40958afbc5452805e483f30c6dcb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47216F31A0024ADFCF05EF64CC54ABDBBB5EF48315F104098E512B7260CB75AE42DBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE09B1
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • _wtoi64.MSVCRT ref: 00BE0A1B
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE0A2D
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE0A37
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoi64free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 109575796-0
                                                                                                                                                                                                                                                    • Opcode ID: f3f9a2a20a340c6f3c8a43c4757212d41427a44433aace13e7fa0d0ba99cb243
                                                                                                                                                                                                                                                    • Instruction ID: 69226dbc1699f54301d07acfe825534dacebc1307d61be46067c1148ae400e57
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3f9a2a20a340c6f3c8a43c4757212d41427a44433aace13e7fa0d0ba99cb243
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2115E32D1021ADFCF05EFA4D854AEDBBB5EF48315F0180A8E516B7260DB719D42CB90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BE06F0
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • _wtoi.MSVCRT ref: 00BE075A
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00BE0769
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BE0773
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1474463088-0
                                                                                                                                                                                                                                                    • Opcode ID: ee7d736edd738b7c295d1e4e27719fd1620d82458e86d71b1609f18ccda3eaf3
                                                                                                                                                                                                                                                    • Instruction ID: 1294267a86f8815f101e895e2e32b81ca41ea977780888944f747ecb1c56d397
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee7d736edd738b7c295d1e4e27719fd1620d82458e86d71b1609f18ccda3eaf3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37118F32D0021ADFCF01EBA4D844AEDBBB5EF08314F018098E916B7260DB71AD41CF90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 00BDF088
                                                                                                                                                                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00BDF096
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,?,?,000000FF,00000000,00000000), ref: 00BDF0AC
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00BDF0B8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 447844807-0
                                                                                                                                                                                                                                                    • Opcode ID: b054132f0eee04eb6752c0259daf23e213526f737c20ba9de8d70127afdb2d6d
                                                                                                                                                                                                                                                    • Instruction ID: c5fb72228958ce3a67c8dd5846d84b5026c3031b0e568cba70c824bbb79a74f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b054132f0eee04eb6752c0259daf23e213526f737c20ba9de8d70127afdb2d6d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DF0C836209116BB97214B969C8CE7BFEACDB86770B240267F51ED3290EE615D00C2B0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ??3@Xmemstd::tr1::_
                                                                                                                                                                                                                                                    • String ID: 8
                                                                                                                                                                                                                                                    • API String ID: 2676974237-4194326291
                                                                                                                                                                                                                                                    • Opcode ID: 139076d7b568aab65f2ba90d510049c241bc3cf01cd7544def780335750988ee
                                                                                                                                                                                                                                                    • Instruction ID: 6f01db9ead2e3e03af0c1b64180c32a271425e665f495d43985102450b9e5970
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 139076d7b568aab65f2ba90d510049c241bc3cf01cd7544def780335750988ee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9319576B016169FCB18EFA9C9D545DFBE9EF98310B24456BE916E7300EA70ED008B90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00BDFC00
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: __EH_prolog3_GS.LIBCMT ref: 00BDF165
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: VariantClear.OLEAUT32 ref: 00BDF17A
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF215
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: SysAllocString.OLEAUT32(00000000), ref: 00BDF228
                                                                                                                                                                                                                                                      • Part of subcall function 00BDF15E: free.MSVCRT(00000000,?,00000014,00BE0AA9,?,00000020,00BDF785,?,//Profile/ETW/Process,?), ref: 00BDF257
                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00BDFD1C
                                                                                                                                                                                                                                                      • Part of subcall function 00BDFFFD: __EH_prolog3_GS.LIBCMT ref: 00BE0004
                                                                                                                                                                                                                                                      • Part of subcall function 00BDCA85: __EH_prolog3_GS.LIBCMT ref: 00BDCA8F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_$ClearVariant$AllocByteCharMultiStringWidefree
                                                                                                                                                                                                                                                    • String ID: Targets/Target
                                                                                                                                                                                                                                                    • API String ID: 2883521150-4232948680
                                                                                                                                                                                                                                                    • Opcode ID: 042c365ef23b97f02a9094e179ef2db89396a7c3d98d241178fc8e0d3816936a
                                                                                                                                                                                                                                                    • Instruction ID: b45269065975a1e338ac61364a0d0ce017e99e0a30b0ef0f6d73dfff8844f17b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 042c365ef23b97f02a9094e179ef2db89396a7c3d98d241178fc8e0d3816936a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E31E63190126A9FEB25DB64CC54BADB7B4AF44310F0181EAE90AB7251EB706E85DF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 00BEC7F2
                                                                                                                                                                                                                                                    • _CxxThrowException.MSVCRT(?,00BF0758), ref: 00BEC845
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • IoBucketizer has not been initialized, xrefs: 00BEC82F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionThrow__aulldiv
                                                                                                                                                                                                                                                    • String ID: IoBucketizer has not been initialized
                                                                                                                                                                                                                                                    • API String ID: 1607158013-2369748627
                                                                                                                                                                                                                                                    • Opcode ID: 03136f112163549ac8cc7541de6d74c6c10c4da1b887e579098fcdab550f0a04
                                                                                                                                                                                                                                                    • Instruction ID: 7e105fb3a95cf6b75c7b5c59771df92e88b67aee209d320a84904d455954ebb7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03136f112163549ac8cc7541de6d74c6c10c4da1b887e579098fcdab550f0a04
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17015E32900158ABCB11EE56C9819A9FBE9FB48321B0581E1E9199F116D771FC16CBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 00BE3212
                                                                                                                                                                                                                                                      • Part of subcall function 00BE31AA: TerminateThread.KERNEL32(?,00000000), ref: 00BE31C9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Error signaling start event, xrefs: 00BE321C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000B.00000002.1892630019.0000000000BD1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BD0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892613896.0000000000BD0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892649067.0000000000BF1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000B.00000002.1892661187.0000000000BF2000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_bd0000_diskspd.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EventTerminateThread
                                                                                                                                                                                                                                                    • String ID: Error signaling start event
                                                                                                                                                                                                                                                    • API String ID: 2007589259-38563648
                                                                                                                                                                                                                                                    • Opcode ID: ea38bb45f10dd7514b00d3c074931fae4815bbde0081554db082d5d767947a26
                                                                                                                                                                                                                                                    • Instruction ID: 74860d82a7d5a148c35928f93367d6c8e826f85a2e4d2578b7bdfce70dd7ec2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea38bb45f10dd7514b00d3c074931fae4815bbde0081554db082d5d767947a26
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54E0DF31004385EFE700AF27EC0D7AC7BD5EB40B12F60C049F645072A1DFB09A90CA61
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:13.8%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                                                                                                                    Total number of Nodes:1262
                                                                                                                                                                                                                                                    Total number of Limit Nodes:19
3710 405bc3 18 API calls 3710->3738 3711->3712 3711->3721 3712->3717 3715 403a85 3713->3715 3716 403a9a 3713->3716 3714 403e36 SendMessageA 3714->3717 3718 40140b 2 API calls 3715->3718 3719 40140b 2 API calls 3716->3719 3717->3706 3718->3721 3719->3721 3720 403e5d 19 API calls 3720->3738 3721->3714 3721->3717 3722 403e5d 19 API calls 3723 403c15 GetDlgItem 3722->3723 3724 403c32 ShowWindow EnableWindow 3723->3724 3725 403c2a 3723->3725 3749 403e7f EnableWindow 3724->3749 3725->3724 3727 403c5c EnableWindow 3730 403c70 3727->3730 3728 403c75 GetSystemMenu EnableMenuItem SendMessageA 3729 403ca5 SendMessageA 3728->3729 3728->3730 3729->3730 3730->3728 3750 403e92 SendMessageA 3730->3750 3751 405ba1 lstrcpynA 3730->3751 3733 403cd3 lstrlenA 3734 405bc3 18 API calls 3733->3734 3735 403ce4 SetWindowTextA 3734->3735 3736 401389 2 API calls 3735->3736 3736->3738 3737 403d28 DestroyWindow 3739 403d42 CreateDialogParamA 3737->3739 3737->3748 3738->3703 3738->3704 3738->3710 3738->3720 3738->3722 3738->3737 3738->3740 3741 403d75 3739->3741 3739->3748 3742 403e5d 19 API calls 3741->3742 3743 403d80 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3742->3743 3744 401389 2 API calls 3743->3744 3745 403dc6 3744->3745 3745->3740 3746 403dce ShowWindow 3745->3746 3747 403ea9 SendMessageA 3746->3747 3747->3748 3748->3707 3748->3740 3749->3727 3750->3730 3751->3733 3752 401c8a 3753 4029ef 18 API calls 3752->3753 3754 401c91 3753->3754 3755 4029ef 18 API calls 3754->3755 3756 401c99 GetDlgItem 3755->3756 3757 4024ce 3756->3757 3003 40310d SetErrorMode GetVersion 3004 403143 3003->3004 3005 403149 3003->3005 3006 405f2d 5 API calls 3004->3006 3007 405ec3 3 API calls 3005->3007 3006->3005 3008 40315e 3007->3008 3009 405ec3 3 API calls 3008->3009 3010 403168 3009->3010 3011 405ec3 3 API calls 3010->3011 3012 403172 3011->3012 3013 405f2d 5 API calls 3012->3013 3014 403179 3013->3014 3015 405f2d 5 API calls 3014->3015 3016 403180 #17 OleInitialize SHGetFileInfoA 3015->3016 3096 
405ba1 lstrcpynA 3016->3096 3018 4031bd GetCommandLineA 3097 405ba1 lstrcpynA 3018->3097 3020 4031cf GetModuleHandleA 3021 4031e6 3020->3021 3022 4056bf CharNextA 3021->3022 3023 4031fa CharNextA 3022->3023 3031 403207 3023->3031 3024 403270 3025 403283 GetTempPathA 3024->3025 3098 4030dc 3025->3098 3027 403299 3028 4032bd DeleteFileA 3027->3028 3029 40329d GetWindowsDirectoryA lstrcatA 3027->3029 3108 402c38 GetTickCount GetModuleFileNameA 3028->3108 3032 4030dc 12 API calls 3029->3032 3030 4056bf CharNextA 3030->3031 3031->3024 3031->3030 3035 403272 3031->3035 3034 4032b9 3032->3034 3034->3028 3037 40333b ExitProcess OleUninitialize 3034->3037 3193 405ba1 lstrcpynA 3035->3193 3036 4032ce 3036->3037 3043 4056bf CharNextA 3036->3043 3075 403327 3036->3075 3039 403350 3037->3039 3040 40345f 3037->3040 3044 405462 MessageBoxIndirectA 3039->3044 3041 403502 ExitProcess 3040->3041 3045 405f2d 5 API calls 3040->3045 3048 4032e5 3043->3048 3049 40335e ExitProcess 3044->3049 3050 403472 3045->3050 3052 403302 3048->3052 3053 403366 3048->3053 3051 405f2d 5 API calls 3050->3051 3054 40347b 3051->3054 3056 405775 18 API calls 3052->3056 3196 4053e9 3053->3196 3057 405f2d 5 API calls 3054->3057 3059 40330d 3056->3059 3060 403484 3057->3060 3059->3037 3194 405ba1 lstrcpynA 3059->3194 3069 403492 GetCurrentProcess 3060->3069 3078 4034a2 3060->3078 3061 403387 lstrcatA lstrcmpiA 3061->3037 3064 4033a3 3061->3064 3062 40337c lstrcatA 3062->3061 3063 405f2d 5 API calls 3079 4034d9 3063->3079 3066 4033a8 3064->3066 3067 4033af 3064->3067 3199 40534f CreateDirectoryA 3066->3199 3204 4053cc CreateDirectoryA 3067->3204 3068 40331c 3195 405ba1 lstrcpynA 3068->3195 3069->3078 3070 4034ee ExitWindowsEx 3070->3041 3076 4034fb 3070->3076 3136 4035f4 3075->3136 3212 40140b 3076->3212 3077 4033b4 SetCurrentDirectoryA 3081 4033c3 3077->3081 3082 4033ce 3077->3082 3078->3063 3079->3070 3079->3076 3207 405ba1 lstrcpynA 3081->3207 3208 405ba1 lstrcpynA 3082->3208 3085 405bc3 18 API calls 3086 
4033fe DeleteFileA 3085->3086 3087 40340b CopyFileA 3086->3087 3093 4033dc 3086->3093 3087->3093 3088 403453 3090 4058ef 40 API calls 3088->3090 3089 4058ef 40 API calls 3089->3093 3091 40345a 3090->3091 3091->3037 3092 405bc3 18 API calls 3092->3093 3093->3085 3093->3088 3093->3089 3093->3092 3095 40343f CloseHandle 3093->3095 3209 405401 CreateProcessA 3093->3209 3095->3093 3096->3018 3097->3020 3099 405e03 5 API calls 3098->3099 3100 4030e8 3099->3100 3101 4030f2 3100->3101 3102 405694 3 API calls 3100->3102 3101->3027 3103 4030fa 3102->3103 3104 4053cc 2 API calls 3103->3104 3105 403100 3104->3105 3215 4058a7 3105->3215 3219 405878 GetFileAttributesA CreateFileA 3108->3219 3110 402c78 3135 402c88 3110->3135 3220 405ba1 lstrcpynA 3110->3220 3112 402c9e 3113 4056db 2 API calls 3112->3113 3114 402ca4 3113->3114 3221 405ba1 lstrcpynA 3114->3221 3116 402caf GetFileSize 3117 402dab 3116->3117 3129 402cc6 3116->3129 3222 402bd4 3117->3222 3119 402db4 3121 402de4 GlobalAlloc 3119->3121 3119->3135 3233 4030c5 SetFilePointer 3119->3233 3120 403093 ReadFile 3120->3129 3234 4030c5 SetFilePointer 3121->3234 3123 402e17 3127 402bd4 6 API calls 3123->3127 3125 402dcd 3128 403093 ReadFile 3125->3128 3126 402dff 3130 402e71 33 API calls 3126->3130 3127->3135 3131 402dd8 3128->3131 3129->3117 3129->3120 3129->3123 3132 402bd4 6 API calls 3129->3132 3129->3135 3133 402e0b 3130->3133 3131->3121 3131->3135 3132->3129 3133->3133 3134 402e48 SetFilePointer 3133->3134 3133->3135 3134->3135 3135->3036 3137 405f2d 5 API calls 3136->3137 3138 403608 3137->3138 3139 403620 3138->3139 3140 40360e 3138->3140 3141 405a88 3 API calls 3139->3141 3248 405aff wsprintfA 3140->3248 3142 403641 3141->3142 3143 40365f lstrcatA 3142->3143 3145 405a88 3 API calls 3142->3145 3146 40361e 3143->3146 3145->3143 3239 4038bd 3146->3239 3149 405775 18 API calls 3150 403691 3149->3150 3151 40371a 3150->3151 3153 405a88 3 API calls 3150->3153 3152 405775 18 API calls 3151->3152 3154 403720 3152->3154 3156 
4036bd 3153->3156 3155 403730 LoadImageA 3154->3155 3157 405bc3 18 API calls 3154->3157 3158 4037e4 3155->3158 3159 40375b RegisterClassA 3155->3159 3156->3151 3160 4036d9 lstrlenA 3156->3160 3163 4056bf CharNextA 3156->3163 3157->3155 3162 40140b 2 API calls 3158->3162 3161 403797 SystemParametersInfoA CreateWindowExA 3159->3161 3191 403337 3159->3191 3164 4036e7 lstrcmpiA 3160->3164 3165 40370d 3160->3165 3161->3158 3166 4037ea 3162->3166 3167 4036d7 3163->3167 3164->3165 3168 4036f7 GetFileAttributesA 3164->3168 3169 405694 3 API calls 3165->3169 3171 4038bd 19 API calls 3166->3171 3166->3191 3167->3160 3170 403703 3168->3170 3172 403713 3169->3172 3170->3165 3173 4056db 2 API calls 3170->3173 3174 4037fb 3171->3174 3249 405ba1 lstrcpynA 3172->3249 3173->3165 3176 403807 ShowWindow 3174->3176 3177 40388a 3174->3177 3179 405ec3 3 API calls 3176->3179 3250 404f5f OleInitialize 3177->3250 3181 40381f 3179->3181 3180 403890 3182 403894 3180->3182 3183 4038ac 3180->3183 3184 40382d GetClassInfoA 3181->3184 3186 405ec3 3 API calls 3181->3186 3190 40140b 2 API calls 3182->3190 3182->3191 3185 40140b 2 API calls 3183->3185 3187 403841 GetClassInfoA RegisterClassA 3184->3187 3188 403857 DialogBoxParamA 3184->3188 3185->3191 3186->3184 3187->3188 3189 40140b 2 API calls 3188->3189 3192 40387f 3189->3192 3190->3191 3191->3037 3192->3191 3193->3025 3194->3068 3195->3075 3197 405f2d 5 API calls 3196->3197 3198 40336b lstrcatA 3197->3198 3198->3061 3198->3062 3200 4053a0 GetLastError 3199->3200 3201 4033ad 3199->3201 3200->3201 3202 4053af SetFileSecurityA 3200->3202 3201->3077 3202->3201 3203 4053c5 GetLastError 3202->3203 3203->3201 3205 4053e0 GetLastError 3204->3205 3206 4053dc 3204->3206 3205->3206 3206->3077 3207->3082 3208->3093 3210 405430 CloseHandle 3209->3210 3211 40543c 3209->3211 3210->3211 3211->3093 3213 401389 2 API calls 3212->3213 3214 401420 3213->3214 3214->3041 3216 4058b2 GetTickCount GetTempFileNameA 3215->3216 3217 4058de 3216->3217 3218 40310b 
3216->3218 3217->3216 3217->3218 3218->3027 3219->3110 3220->3112 3221->3116 3223 402bf5 3222->3223 3224 402bdd 3222->3224 3225 402c05 GetTickCount 3223->3225 3226 402bfd 3223->3226 3227 402be6 DestroyWindow 3224->3227 3228 402bed 3224->3228 3230 402c13 CreateDialogParamA ShowWindow 3225->3230 3231 402c36 3225->3231 3235 405f69 3226->3235 3227->3228 3228->3119 3230->3231 3231->3119 3233->3125 3234->3126 3236 405f86 PeekMessageA 3235->3236 3237 402c03 3236->3237 3238 405f7c DispatchMessageA 3236->3238 3237->3119 3238->3236 3240 4038d1 3239->3240 3257 405aff wsprintfA 3240->3257 3242 403942 3243 405bc3 18 API calls 3242->3243 3244 40394e SetWindowTextA 3243->3244 3245 40366f 3244->3245 3246 40396a 3244->3246 3245->3149 3246->3245 3247 405bc3 18 API calls 3246->3247 3247->3246 3248->3146 3249->3151 3258 403ea9 3250->3258 3252 403ea9 SendMessageA 3254 404fbb OleUninitialize 3252->3254 3253 404f82 3256 404fa9 3253->3256 3261 401389 3253->3261 3254->3180 3256->3252 3257->3242 3259 403ec1 3258->3259 3260 403eb2 SendMessageA 3258->3260 3259->3253 3260->3259 3263 401390 3261->3263 3262 4013fe 3262->3253 3263->3262 3264 4013cb MulDiv SendMessageA 3263->3264 3264->3263 3764 401490 3765 404e8d 25 API calls 3764->3765 3766 401497 3765->3766 3767 402611 3768 4028a1 3767->3768 3769 402618 3767->3769 3770 40261e FindClose 3769->3770 3770->3768 3771 402692 3772 402a0c 18 API calls 3771->3772 3774 4026a0 3772->3774 3773 4026b6 3776 405859 2 API calls 3773->3776 3774->3773 3775 402a0c 18 API calls 3774->3775 3775->3773 3777 4026bc 3776->3777 3797 405878 GetFileAttributesA CreateFileA 3777->3797 3779 4026c9 3780 402772 3779->3780 3781 4026d5 GlobalAlloc 3779->3781 3782 40277a DeleteFileA 3780->3782 3783 40278d 3780->3783 3784 402769 CloseHandle 3781->3784 3785 4026ee 3781->3785 3782->3783 3784->3780 3798 4030c5 SetFilePointer 3785->3798 3787 4026f4 3788 403093 ReadFile 3787->3788 3789 4026fd GlobalAlloc 3788->3789 3790 402741 WriteFile GlobalFree 3789->3790 3791 40270d 3789->3791 3793 
402e71 33 API calls 3790->3793 3792 402e71 33 API calls 3791->3792 3796 40271a 3792->3796 3794 402766 3793->3794 3794->3784 3795 402738 GlobalFree 3795->3790 3796->3795 3797->3779 3798->3787 3799 402793 3800 4029ef 18 API calls 3799->3800 3801 402799 3800->3801 3802 4027d4 3801->3802 3803 4027bd 3801->3803 3809 402672 3801->3809 3804 4027ea 3802->3804 3805 4027de 3802->3805 3806 4027c2 3803->3806 3812 4027d1 3803->3812 3808 405bc3 18 API calls 3804->3808 3807 4029ef 18 API calls 3805->3807 3813 405ba1 lstrcpynA 3806->3813 3807->3812 3808->3812 3812->3809 3814 405aff wsprintfA 3812->3814 3813->3809 3814->3809 3815 401595 3816 402a0c 18 API calls 3815->3816 3817 40159c SetFileAttributesA 3816->3817 3818 4015ae 3817->3818 3819 401e95 3820 402a0c 18 API calls 3819->3820 3821 401e9c 3820->3821 3822 405e9c 2 API calls 3821->3822 3823 401ea2 3822->3823 3825 401eb4 3823->3825 3826 405aff wsprintfA 3823->3826 3826->3825 3827 401696 3828 402a0c 18 API calls 3827->3828 3829 40169c GetFullPathNameA 3828->3829 3830 4016d4 3829->3830 3831 4016b3 3829->3831 3832 4028a1 3830->3832 3833 4016e8 GetShortPathNameA 3830->3833 3831->3830 3834 405e9c 2 API calls 3831->3834 3833->3832 3835 4016c4 3834->3835 3835->3830 3837 405ba1 lstrcpynA 3835->3837 3837->3830 3838 402319 3839 40231f 3838->3839 3840 402a0c 18 API calls 3839->3840 3841 402331 3840->3841 3842 402a0c 18 API calls 3841->3842 3843 40233b RegCreateKeyExA 3842->3843 3844 4028a1 3843->3844 3845 402365 3843->3845 3846 40237d 3845->3846 3847 402a0c 18 API calls 3845->3847 3848 402389 3846->3848 3850 4029ef 18 API calls 3846->3850 3849 402376 lstrlenA 3847->3849 3851 4023a4 RegSetValueExA 3848->3851 3852 402e71 33 API calls 3848->3852 3849->3846 3850->3848 3853 4023ba RegCloseKey 3851->3853 3852->3851 3853->3844 3855 402819 3856 4029ef 18 API calls 3855->3856 3857 40281f 3856->3857 3858 402850 3857->3858 3860 40282d 3857->3860 3861 402672 3857->3861 3859 405bc3 18 API calls 3858->3859 3858->3861 3859->3861 3860->3861 3863 405aff 
wsprintfA 3860->3863 3863->3861 2889 40351a 2890 403532 2889->2890 2891 403524 CloseHandle 2889->2891 2896 40355f 2890->2896 2891->2890 2897 40356d 2896->2897 2898 403537 2897->2898 2899 403572 FreeLibrary GlobalFree 2897->2899 2900 4054c6 2898->2900 2899->2898 2899->2899 2938 405775 2900->2938 2903 4054e3 DeleteFileA 2933 403543 2903->2933 2904 4054fa 2905 40562f 2904->2905 2953 405ba1 lstrcpynA 2904->2953 2910 405e9c 2 API calls 2905->2910 2905->2933 2907 405524 2908 405535 2907->2908 2909 405528 lstrcatA 2907->2909 2954 4056db lstrlenA 2908->2954 2911 40553b 2909->2911 2914 405654 2910->2914 2913 405549 lstrcatA 2911->2913 2915 405554 lstrlenA FindFirstFileA 2911->2915 2913->2915 2916 405694 3 API calls 2914->2916 2914->2933 2915->2905 2919 405578 2915->2919 2918 40565e 2916->2918 2917 4056bf CharNextA 2917->2919 2920 405859 2 API calls 2918->2920 2919->2917 2925 40560e FindNextFileA 2919->2925 2931 405859 2 API calls 2919->2931 2932 4054c6 61 API calls 2919->2932 2935 404e8d 25 API calls 2919->2935 2936 404e8d 25 API calls 2919->2936 2958 405ba1 lstrcpynA 2919->2958 2959 4058ef 2919->2959 2921 405664 RemoveDirectoryA 2920->2921 2922 405686 2921->2922 2923 40566f 2921->2923 2924 404e8d 25 API calls 2922->2924 2928 404e8d 25 API calls 2923->2928 2923->2933 2924->2933 2925->2919 2927 405626 FindClose 2925->2927 2927->2905 2929 40567d 2928->2929 2930 4058ef 40 API calls 2929->2930 2930->2933 2934 4055db DeleteFileA 2931->2934 2932->2919 2934->2919 2935->2925 2936->2919 2985 405ba1 lstrcpynA 2938->2985 2940 405786 2941 405728 4 API calls 2940->2941 2942 40578c 2941->2942 2943 4054da 2942->2943 2944 405e03 5 API calls 2942->2944 2943->2903 2943->2904 2945 40579c 2944->2945 2945->2943 2951 4057af 2945->2951 2946 4057c7 lstrlenA 2947 4057d2 2946->2947 2946->2951 2948 405694 3 API calls 2947->2948 2950 4057d7 GetFileAttributesA 2948->2950 2949 405e9c 2 API calls 2949->2951 2950->2943 2951->2943 2951->2946 2951->2949 2952 4056db 2 API calls 2951->2952 2952->2946 
2953->2907 2955 4056e8 2954->2955 2956 4056f9 2955->2956 2957 4056ed CharPrevA 2955->2957 2956->2911 2957->2955 2957->2956 2958->2919 2986 405f2d GetModuleHandleA 2959->2986 2962 405957 GetShortPathNameA 2963 405a4c 2962->2963 2964 40596c 2962->2964 2963->2919 2964->2963 2966 405974 wsprintfA 2964->2966 2968 405bc3 18 API calls 2966->2968 2967 40593b CloseHandle GetShortPathNameA 2967->2963 2969 40594f 2967->2969 2970 40599c 2968->2970 2969->2962 2969->2963 2993 405878 GetFileAttributesA CreateFileA 2970->2993 2972 4059a9 2972->2963 2973 4059b8 GetFileSize GlobalAlloc 2972->2973 2974 405a45 CloseHandle 2973->2974 2975 4059d6 ReadFile 2973->2975 2974->2963 2975->2974 2976 4059ea 2975->2976 2976->2974 2994 4057ed lstrlenA 2976->2994 2979 405a59 2981 4057ed 4 API calls 2979->2981 2980 4059ff 2999 405ba1 lstrcpynA 2980->2999 2983 405a0d 2981->2983 2984 405a20 SetFilePointer WriteFile GlobalFree 2983->2984 2984->2974 2985->2940 2987 405f53 GetProcAddress 2986->2987 2988 405f49 2986->2988 2990 4058fa 2987->2990 3000 405ec3 GetSystemDirectoryA 2988->3000 2990->2962 2990->2963 2992 405878 GetFileAttributesA CreateFileA 2990->2992 2991 405f4f 2991->2987 2991->2990 2992->2967 2993->2972 2995 405823 lstrlenA 2994->2995 2996 405801 lstrcmpiA 2995->2996 2998 40582d 2995->2998 2997 40581a CharNextA 2996->2997 2996->2998 2997->2995 2998->2979 2998->2980 2999->2983 3001 405ee5 wsprintfA LoadLibraryA 3000->3001 3001->2991 3864 401d1b GetDC GetDeviceCaps 3865 4029ef 18 API calls 3864->3865 3866 401d37 MulDiv 3865->3866 3867 4029ef 18 API calls 3866->3867 3868 401d4c 3867->3868 3869 405bc3 18 API calls 3868->3869 3870 401d85 CreateFontIndirectA 3869->3870 3871 4024ce 3870->3871 3872 401e1b 3873 402a0c 18 API calls 3872->3873 3874 401e21 3873->3874 3875 404e8d 25 API calls 3874->3875 3876 401e2b 3875->3876 3877 405401 2 API calls 3876->3877 3881 401e31 3877->3881 3878 401e87 CloseHandle 3880 402672 3878->3880 3879 401e50 WaitForSingleObject 3879->3881 3882 401e5e GetExitCodeProcess 
3879->3882 3881->3878 3881->3879 3881->3880 3883 405f69 2 API calls 3881->3883 3884 401e70 3882->3884 3885 401e79 3882->3885 3883->3879 3887 405aff wsprintfA 3884->3887 3885->3878 3887->3885 3888 40429b 3889 4042c7 3888->3889 3890 4042d8 3888->3890 3949 405446 GetDlgItemTextA 3889->3949 3892 4042e4 GetDlgItem 3890->3892 3893 404343 3890->3893 3895 4042f8 3892->3895 3900 405bc3 18 API calls 3893->3900 3909 404427 3893->3909 3947 4045d1 3893->3947 3894 4042d2 3896 405e03 5 API calls 3894->3896 3898 40430c SetWindowTextA 3895->3898 3899 405728 4 API calls 3895->3899 3896->3890 3902 403e5d 19 API calls 3898->3902 3908 404302 3899->3908 3904 4043b7 SHBrowseForFolderA 3900->3904 3901 404457 3905 405775 18 API calls 3901->3905 3906 404328 3902->3906 3903 403ec4 8 API calls 3907 4045e5 3903->3907 3904->3909 3910 4043cf CoTaskMemFree 3904->3910 3911 40445d 3905->3911 3912 403e5d 19 API calls 3906->3912 3908->3898 3913 405694 3 API calls 3908->3913 3909->3947 3951 405446 GetDlgItemTextA 3909->3951 3914 405694 3 API calls 3910->3914 3952 405ba1 lstrcpynA 3911->3952 3915 404336 3912->3915 3913->3898 3916 4043dc 3914->3916 3950 403e92 SendMessageA 3915->3950 3919 404413 SetDlgItemTextA 3916->3919 3924 405bc3 18 API calls 3916->3924 3919->3909 3920 40433c 3922 405f2d 5 API calls 3920->3922 3921 404474 3923 405f2d 5 API calls 3921->3923 3922->3893 3930 40447b 3923->3930 3925 4043fb lstrcmpiA 3924->3925 3925->3919 3928 40440c lstrcatA 3925->3928 3926 4044b7 3953 405ba1 lstrcpynA 3926->3953 3928->3919 3929 4044be 3931 405728 4 API calls 3929->3931 3930->3926 3934 4056db 2 API calls 3930->3934 3936 40450f 3930->3936 3932 4044c4 GetDiskFreeSpaceA 3931->3932 3935 4044e8 MulDiv 3932->3935 3932->3936 3934->3930 3935->3936 3937 404580 3936->3937 3939 404717 21 API calls 3936->3939 3938 4045a3 3937->3938 3940 40140b 2 API calls 3937->3940 3954 403e7f EnableWindow 3938->3954 3941 40456d 3939->3941 3940->3938 3943 404582 SetDlgItemTextA 3941->3943 3944 404572 3941->3944 3943->3937 3946 
404652 21 API calls 3944->3946 3945 4045bf 3945->3947 3955 404230 3945->3955 3946->3937 3947->3903 3949->3894 3950->3920 3951->3901 3952->3921 3953->3929 3954->3945 3956 404243 SendMessageA 3955->3956 3957 40423e 3955->3957 3956->3947 3957->3956 3958 40251c 3959 4029ef 18 API calls 3958->3959 3961 402526 3959->3961 3960 40255a ReadFile 3960->3961 3965 40259c 3960->3965 3961->3960 3962 40259e 3961->3962 3963 4025ae 3961->3963 3961->3965 3967 405aff wsprintfA 3962->3967 3963->3965 3966 4025c4 SetFilePointer 3963->3966 3966->3965 3967->3965 3968 401721 3969 402a0c 18 API calls 3968->3969 3970 401728 3969->3970 3971 4058a7 2 API calls 3970->3971 3972 40172f 3971->3972 3972->3972 3973 401922 3974 402a0c 18 API calls 3973->3974 3975 401929 lstrlenA 3974->3975 3976 4024ce 3975->3976 3977 403fa5 3978 403fbb 3977->3978 3983 4040c8 3977->3983 3981 403e5d 19 API calls 3978->3981 3979 404137 3980 40420b 3979->3980 3982 404141 GetDlgItem 3979->3982 3988 403ec4 8 API calls 3980->3988 3984 404011 3981->3984 3985 404157 3982->3985 3986 4041c9 3982->3986 3983->3979 3983->3980 3987 40410c GetDlgItem SendMessageA 3983->3987 3989 403e5d 19 API calls 3984->3989 3985->3986 3994 40417d 6 API calls 3985->3994 3986->3980 3990 4041db 3986->3990 4008 403e7f EnableWindow 3987->4008 3992 404206 3988->3992 3993 40401e CheckDlgButton 3989->3993 3995 4041e1 SendMessageA 3990->3995 3996 4041f2 3990->3996 4006 403e7f EnableWindow 3993->4006 3994->3986 3995->3996 3996->3992 3999 4041f8 SendMessageA 3996->3999 3997 404132 4000 404230 SendMessageA 3997->4000 3999->3992 4000->3979 4001 40403c GetDlgItem 4007 403e92 SendMessageA 4001->4007 4003 404052 SendMessageA 4004 404070 GetSysColor 4003->4004 4005 404079 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4003->4005 4004->4005 4005->3992 4006->4001 4007->4003 4008->3997 4009 401ca5 4010 4029ef 18 API calls 4009->4010 4011 401cb5 SetWindowLongA 4010->4011 4012 4028a1 4011->4012 4013 401a26 4014 4029ef 18 API calls 4013->4014 4015 401a2c 
4014->4015 4016 4029ef 18 API calls 4015->4016 4017 4019d6 4016->4017 4018 40262b 4019 402646 4018->4019 4020 40262e 4018->4020 4021 4027cc 4019->4021 4024 405ba1 lstrcpynA 4019->4024 4022 40263b FindNextFileA 4020->4022 4022->4019 4024->4021 4025 401bad 4026 4029ef 18 API calls 4025->4026 4027 401bb4 4026->4027 4028 4029ef 18 API calls 4027->4028 4029 401bbe 4028->4029 4030 402a0c 18 API calls 4029->4030 4034 401bce 4029->4034 4030->4034 4031 402a0c 18 API calls 4035 401bde 4031->4035 4032 401be9 4036 4029ef 18 API calls 4032->4036 4033 401c2d 4037 402a0c 18 API calls 4033->4037 4034->4031 4034->4035 4035->4032 4035->4033 4038 401bee 4036->4038 4039 401c32 4037->4039 4040 4029ef 18 API calls 4038->4040 4041 402a0c 18 API calls 4039->4041 4043 401bf7 4040->4043 4042 401c3b FindWindowExA 4041->4042 4046 401c59 4042->4046 4044 401c1d SendMessageA 4043->4044 4045 401bff SendMessageTimeoutA 4043->4045 4044->4046 4045->4046 4047 4024b2 4048 402a0c 18 API calls 4047->4048 4049 4024b9 4048->4049 4052 405878 GetFileAttributesA CreateFileA 4049->4052 4051 4024c5 4052->4051 4053 4035b2 4054 4035bd 4053->4054 4055 4035c1 4054->4055 4056 4035c4 GlobalAlloc 4054->4056 4056->4055 2722 4015b3 2740 402a0c 2722->2740 2726 40160a 2728 40162d 2726->2728 2729 40160f 2726->2729 2733 401423 25 API calls 2728->2733 2756 401423 2729->2756 2739 40217f 2733->2739 2734 4015e5 GetLastError 2736 4015f2 GetFileAttributesA 2734->2736 2737 4015c2 2734->2737 2736->2737 2737->2726 2752 4056bf 2737->2752 2738 401621 SetCurrentDirectoryA 2738->2739 2741 402a18 2740->2741 2760 405bc3 2741->2760 2744 4015ba 2746 405728 CharNextA CharNextA 2744->2746 2747 405742 2746->2747 2751 40574e 2746->2751 2749 405749 CharNextA 2747->2749 2747->2751 2748 40576b 2748->2737 2749->2748 2750 4056bf CharNextA 2750->2751 2751->2748 2751->2750 2753 4056c5 2752->2753 2754 4015d0 CreateDirectoryA 2753->2754 2755 4056cb CharNextA 2753->2755 2754->2734 2754->2737 2755->2753 2795 404e8d 2756->2795 2759 405ba1 lstrcpynA 
2759->2738 2765 405bd0 2760->2765 2761 405dea 2762 402a39 2761->2762 2794 405ba1 lstrcpynA 2761->2794 2762->2744 2778 405e03 2762->2778 2764 405c68 GetVersion 2764->2765 2765->2761 2765->2764 2766 405dc1 lstrlenA 2765->2766 2769 405bc3 10 API calls 2765->2769 2770 405ce0 GetSystemDirectoryA 2765->2770 2772 405cf3 GetWindowsDirectoryA 2765->2772 2773 405e03 5 API calls 2765->2773 2774 405d6a lstrcatA 2765->2774 2775 405d27 SHGetSpecialFolderLocation 2765->2775 2776 405bc3 10 API calls 2765->2776 2787 405a88 RegOpenKeyExA 2765->2787 2792 405aff wsprintfA 2765->2792 2793 405ba1 lstrcpynA 2765->2793 2766->2765 2769->2766 2770->2765 2772->2765 2773->2765 2774->2765 2775->2765 2777 405d3f SHGetPathFromIDListA CoTaskMemFree 2775->2777 2776->2765 2777->2765 2785 405e0f 2778->2785 2779 405e77 2780 405e7b CharPrevA 2779->2780 2782 405e96 2779->2782 2780->2779 2781 405e6c CharNextA 2781->2779 2781->2785 2782->2744 2783 4056bf CharNextA 2783->2785 2784 405e5a CharNextA 2784->2785 2785->2779 2785->2781 2785->2783 2785->2784 2786 405e67 CharNextA 2785->2786 2786->2781 2788 405af9 2787->2788 2789 405abb RegQueryValueExA 2787->2789 2788->2765 2790 405adc RegCloseKey 2789->2790 2790->2788 2792->2765 2793->2765 2794->2762 2796 401431 2795->2796 2797 404ea8 2795->2797 2796->2759 2798 404ec5 lstrlenA 2797->2798 2799 405bc3 18 API calls 2797->2799 2800 404ed3 lstrlenA 2798->2800 2801 404eee 2798->2801 2799->2798 2800->2796 2802 404ee5 lstrcatA 2800->2802 2803 404f01 2801->2803 2804 404ef4 SetWindowTextA 2801->2804 2802->2801 2803->2796 2805 404f07 SendMessageA SendMessageA SendMessageA 2803->2805 2804->2803 2805->2796 2806 401734 2807 402a0c 18 API calls 2806->2807 2808 40173b 2807->2808 2809 401761 2808->2809 2810 401759 2808->2810 2871 405ba1 lstrcpynA 2809->2871 2870 405ba1 lstrcpynA 2810->2870 2813 40175f 2816 405e03 5 API calls 2813->2816 2814 40176c 2872 405694 lstrlenA CharPrevA 2814->2872 2820 40177e 2816->2820 2818 401789 2818->2820 2823 401795 CompareFileTime 2818->2823 2875 
405e9c FindFirstFileA 2818->2875 2820->2818 2824 401859 2820->2824 2826 405ba1 lstrcpynA 2820->2826 2832 405bc3 18 API calls 2820->2832 2844 401830 2820->2844 2845 405859 GetFileAttributesA 2820->2845 2848 405878 GetFileAttributesA CreateFileA 2820->2848 2878 405462 2820->2878 2823->2818 2825 404e8d 25 API calls 2824->2825 2827 401863 2825->2827 2826->2820 2849 402e71 2827->2849 2828 404e8d 25 API calls 2834 401845 2828->2834 2831 40188a SetFileTime 2833 40189c FindCloseChangeNotification 2831->2833 2832->2820 2833->2834 2835 4018ad 2833->2835 2836 4018b2 2835->2836 2837 4018c5 2835->2837 2838 405bc3 18 API calls 2836->2838 2839 405bc3 18 API calls 2837->2839 2842 4018ba lstrcatA 2838->2842 2840 4018cd 2839->2840 2843 405462 MessageBoxIndirectA 2840->2843 2842->2840 2843->2834 2844->2828 2844->2834 2846 405875 2845->2846 2847 405868 SetFileAttributesA 2845->2847 2846->2820 2847->2846 2848->2820 2850 402e87 2849->2850 2851 402eb5 2850->2851 2884 4030c5 SetFilePointer 2850->2884 2882 403093 ReadFile 2851->2882 2855 402ed2 GetTickCount 2857 401876 2855->2857 2866 402f21 2855->2866 2856 403027 2858 40302b 2856->2858 2859 403043 2856->2859 2857->2831 2857->2833 2861 403093 ReadFile 2858->2861 2859->2857 2862 403093 ReadFile 2859->2862 2863 40305e WriteFile 2859->2863 2860 403093 ReadFile 2860->2866 2861->2857 2862->2859 2863->2857 2864 403073 2863->2864 2864->2857 2864->2859 2865 402f77 GetTickCount 2865->2866 2866->2857 2866->2860 2866->2865 2867 402f9c MulDiv wsprintfA 2866->2867 2868 402fda WriteFile 2866->2868 2869 404e8d 25 API calls 2867->2869 2868->2857 2868->2866 2869->2866 2870->2813 2871->2814 2873 401772 lstrcatA 2872->2873 2874 4056ae lstrcatA 2872->2874 2873->2813 2874->2873 2876 405eb2 FindClose 2875->2876 2877 405ebd 2875->2877 2876->2877 2877->2818 2879 405477 2878->2879 2880 4054c3 2879->2880 2881 40548b MessageBoxIndirectA 2879->2881 2880->2820 2881->2880 2883 402ec0 2882->2883 2883->2855 2883->2856 2883->2857 2884->2851 4057 401634 4058 402a0c 18 API 
calls 4057->4058 4059 40163a 4058->4059 4060 405e9c 2 API calls 4059->4060 4061 401640 4060->4061 4062 401934 4063 4029ef 18 API calls 4062->4063 4064 40193b 4063->4064 4065 4029ef 18 API calls 4064->4065 4066 401945 4065->4066 4067 402a0c 18 API calls 4066->4067 4068 40194e 4067->4068 4069 401961 lstrlenA 4068->4069 4073 40199c 4068->4073 4070 40196b 4069->4070 4070->4073 4075 405ba1 lstrcpynA 4070->4075 4072 401985 4072->4073 4074 401992 lstrlenA 4072->4074 4074->4073 4075->4072 4076 4019b5 4077 402a0c 18 API calls 4076->4077 4078 4019bc 4077->4078 4079 402a0c 18 API calls 4078->4079 4080 4019c5 4079->4080 4081 4019cc lstrcmpiA 4080->4081 4082 4019de lstrcmpA 4080->4082 4083 4019d2 4081->4083 4082->4083 4084 402036 4085 402a0c 18 API calls 4084->4085 4086 40203d 4085->4086 4087 402a0c 18 API calls 4086->4087 4088 402047 4087->4088 4089 402a0c 18 API calls 4088->4089 4090 402050 4089->4090 4091 402a0c 18 API calls 4090->4091 4092 40205a 4091->4092 4093 402a0c 18 API calls 4092->4093 4094 402064 4093->4094 4095 402078 CoCreateInstance 4094->4095 4096 402a0c 18 API calls 4094->4096 4099 402097 4095->4099 4100 40214d 4095->4100 4096->4095 4097 401423 25 API calls 4098 40217f 4097->4098 4099->4100 4101 40212c MultiByteToWideChar 4099->4101 4100->4097 4100->4098 4101->4100 4102 4014b7 4103 4014bd 4102->4103 4104 401389 2 API calls 4103->4104 4105 4014c5 4104->4105 4106 402239 4107 402241 4106->4107 4108 402247 4106->4108 4110 402a0c 18 API calls 4107->4110 4109 402257 4108->4109 4111 402a0c 18 API calls 4108->4111 4112 402265 4109->4112 4113 402a0c 18 API calls 4109->4113 4110->4108 4111->4109 4114 402a0c 18 API calls 4112->4114 4113->4112 4115 40226e WritePrivateProfileStringA 4114->4115 4116 40243d 4117 402b16 19 API calls 4116->4117 4118 402447 4117->4118 4119 4029ef 18 API calls 4118->4119 4120 402450 4119->4120 4121 402473 RegEnumValueA 4120->4121 4122 402467 RegEnumKeyA 4120->4122 4124 402672 4120->4124 4123 40248c RegCloseKey 4121->4123 4121->4124 4122->4123 
4123->4124 4126 4022bd 4127 4022c2 4126->4127 4128 4022ed 4126->4128 4130 402b16 19 API calls 4127->4130 4129 402a0c 18 API calls 4128->4129 4131 4022f4 4129->4131 4132 4022c9 4130->4132 4137 402a4c RegOpenKeyExA 4131->4137 4133 402a0c 18 API calls 4132->4133 4136 40230a 4132->4136 4135 4022da RegDeleteValueA RegCloseKey 4133->4135 4135->4136 4139 402a77 4137->4139 4145 402ac3 4137->4145 4138 402a9d RegEnumKeyA 4138->4139 4140 402aaf RegCloseKey 4138->4140 4139->4138 4139->4140 4142 402ad4 RegCloseKey 4139->4142 4143 402a4c 5 API calls 4139->4143 4141 405f2d 5 API calls 4140->4141 4144 402abf 4141->4144 4142->4145 4143->4139 4144->4145 4146 402aef RegDeleteKeyA 4144->4146 4145->4136 4146->4145

Control-flow Graph

[Graph not reproduced; entry block 40310d-403141 (SetErrorMode, GetVersion). Legend: Executed / Not Executed]
APIs
• SetErrorMode.KERNELBASE ref: 00403131
• GetVersion.KERNEL32 ref: 00403137
• #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00403185
• OleInitialize.OLE32(00000000), ref: 0040318C
• SHGetFileInfoA.SHELL32(00429078,00000000,?,00000160,00000000), ref: 004031A8
• GetCommandLineA.KERNEL32(Fast! Resources Setup,NSIS Error), ref: 004031BD
• GetModuleHandleA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000), ref: 004031D0
• CharNextA.USER32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00409188), ref: 004031FB
• GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040328E
• GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032A3
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032AF
• DeleteFileA.KERNELBASE(1033), ref: 004032C2
  • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
  • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
• ExitProcess.KERNEL32(00000000), ref: 0040333B
• OleUninitialize.OLE32(00000000), ref: 00403340
• ExitProcess.KERNEL32 ref: 00403360
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 00403373
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 00403382
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000,00000000), ref: 0040338D
• lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp), ref: 00403399
• SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033B5
• DeleteFileA.KERNEL32(00428C78,00428C78,?,0042F000,?), ref: 004033FF
• CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\SetupResources.exe,00428C78,00000001), ref: 00403413
• CloseHandle.KERNEL32(00000000,00428C78,00428C78,?,00428C78,00000000), ref: 00403440
• GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403499
• ExitWindowsEx.USER32(00000002,80040002), ref: 004034F1
• ExitProcess.KERNEL32 ref: 00403514
Strings
Memory Dump Source
• Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
• Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
Similarity
• API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
• String ID: $ /D=$ _?=$"$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Error launching installer$Fast! Resources Setup$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
• API String ID: 2193684524-4246053925
• Opcode ID: 4dd452560eae24bc6de7938b16d62ef3ef61ce91039457760c5fd2ce1b0eb6ad
• Instruction ID: 451575da7f46b68c591153a14feb1e54add6b468c03afba2ffefeba693a227d9
• Opcode Fuzzy Hash: 4dd452560eae24bc6de7938b16d62ef3ef61ce91039457760c5fd2ce1b0eb6ad
• Instruction Fuzzy Hash: 55A1E3705083416AE7216F629C4AF6B7EACEB4570AF04047FF541B61D2CB7C9A058A6F
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Graph not reproduced; entry block 4035f4-40360c (call 405f2d). Legend: Executed / Not Executed]
APIs
  • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
  • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
• lstrcatA.KERNEL32(1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000000), ref: 00403665
• lstrlenA.KERNEL32(0042DBE0,?,?,?,0042DBE0,00000000,C:\Program Files (x86)\Fast!,1033,0042A0C0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0C0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036DA
• lstrcmpiA.KERNEL32(?,.exe), ref: 004036ED
• GetFileAttributesA.KERNEL32(0042DBE0), ref: 004036F8
• LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403741
  • Part of subcall function 00405AFF: wsprintfA.USER32 ref: 00405B0C
• RegisterClassA.USER32 ref: 00403788
• SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037A0
• CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037D9
• ShowWindow.USER32(00000005,00000000), ref: 0040380F
• GetClassInfoA.USER32(00000000,RichEdit20A,0042E3E0), ref: 0040383B
• GetClassInfoA.USER32(00000000,RichEdit,0042E3E0), ref: 00403848
• RegisterClassA.USER32(0042E3E0), ref: 00403851
• DialogBoxParamA.USER32(?,00000000,0040398A,00000000), ref: 00403870
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control_flow_graph 208, first block 402c38-402c86; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C49
                                                                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,00000400), ref: 00402C65
                                                                                                                                                                                                                                                      • Part of subcall function 00405878: GetFileAttributesA.KERNELBASE(00000003,00402C78,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                      • Part of subcall function 00405878: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 00402CB1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 00402C38
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 00402C93, 00402C98, 00402C9E
                                                                                                                                                                                                                                                    • Inst, xrefs: 00402D1D
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C42
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 00402C4F, 00402C5E, 00402C72, 00402C92
                                                                                                                                                                                                                                                    • Null, xrefs: 00402D2F
                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00402C88
                                                                                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E10
                                                                                                                                                                                                                                                    • soft, xrefs: 00402D26
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control_flow_graph 275, first block 405bc3-405bce; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetVersion.KERNEL32(00000000,00429898,00000000,00404EC5,00429898,00000000), ref: 00405C6B
                                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CE6
                                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(0042DBE0,00000400), ref: 00405CF9
                                                                                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,0041F727), ref: 00405D35
                                                                                                                                                                                                                                                    • SHGetPathFromIDListA.SHELL32(0041F727,0042DBE0), ref: 00405D43
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(0041F727), ref: 00405D4E
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(0042DBE0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D70
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042DBE0,00000000,00429898,00000000,00404EC5,00429898,00000000), ref: 00405DC2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405CB5
                                                                                                                                                                                                                                                    • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405D6A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402ED8
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402F7F
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FA8
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402FB8
                                                                                                                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,0041F727,7FFFFFFF,00000000), ref: 00402FE6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                                                                                    • String ID: ... %d%%$hLA$hLA
                                                                                                                                                                                                                                                    • API String ID: 4209647438-3864250065
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,00000000,00000000,C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll,C:\Program Files (x86)\Fast!,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                                                                                      • Part of subcall function 00405BA1: lstrcpynA.KERNEL32(?,?,00000400,004031BD,Fast! Resources Setup,NSIS Error), ref: 00405BAE
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
                                                                                                                                                                                                                                                    • API String ID: 1941528284-1088974565
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(004054DA,?,0042B4C8,00000000,0040578C,0042B4C8,0042B4C8,?,?,00000000,004054DA,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405736
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040573B
                                                                                                                                                                                                                                                      • Part of subcall function 00405728: CharNextA.USER32(00000000), ref: 0040574A
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                                                                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Fast!,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 00401617
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 3751793516-1788482285
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 489 405ec3-405ee3 GetSystemDirectoryA 490 405ee5 489->490 491 405ee7-405ee9 489->491 490->491 492 405ef9-405efb 491->492 493 405eeb-405ef3 491->493 495 405efc-405f2a wsprintfA LoadLibraryA 492->495 493->492 494 405ef5-405ef7 493->494 494->495
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(?), ref: 00405F23
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                    • String ID: %s%s.dll$\
                                                                                                                                                                                                                                                    • API String ID: 2200240437-500877883
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 496 4058a7-4058b1 497 4058b2-4058dc GetTickCount GetTempFileNameA 496->497 498 4058eb-4058ed 497->498 499 4058de-4058e0 497->499 501 4058e5-4058e8 498->501 499->497 500 4058e2 499->500 500->501
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004058BA
                                                                                                                                                                                                                                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058D4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$nsa
                                                                                                                                                                                                                                                    • API String ID: 1716503409-3826424196
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 502 405a88-405ab9 RegOpenKeyExA 503 405af9-405afc 502->503 504 405abb-405ada RegQueryValueExA 502->504 505 405ae8 504->505 506 405adc-405ae0 504->506 507 405aea-405af3 RegCloseKey 505->507 506->507 508 405ae2-405ae6 506->508 507->503 508->505 508->507
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(80000002,00405CC4,00000000,00000002,?,00000002,0017A829,?,00405CC4,80000002,Software\Microsoft\Windows\CurrentVersion,0017A829,0042DBE0,005A94A1), ref: 00405AB1
                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNELBASE(0017A829,?,00000000,00405CC4,0017A829,00405CC4), ref: 00405AD2
                                                                                                                                                                                                                                                    • RegCloseKey.KERNELBASE(?), ref: 00405AF3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3677997916-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 509 401389-40138e 510 4013fa-4013fc 509->510 511 401390-4013a0 510->511 512 4013fe 510->512 511->512 514 4013a2-4013a3 call 401434 511->514 513 401400-401401 512->513 516 4013a8-4013ad 514->516 517 401404-401409 516->517 518 4013af-4013b7 call 40136d 516->518 517->513 521 4013b9-4013bb 518->521 522 4013bd-4013c2 518->522 523 4013c4-4013c9 521->523 522->523 523->510 524 4013cb-4013f4 MulDiv SendMessageA 523->524 524->510
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 525 405f2d-405f47 GetModuleHandleA 526 405f53-405f60 GetProcAddress 525->526 527 405f49-405f4a call 405ec3 525->527 529 405f64-405f66 526->529 530 405f4f-405f51 527->530 530->526 531 405f62 530->531 531->529
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405EDA
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: wsprintfA.USER32 ref: 00405F13
                                                                                                                                                                                                                                                      • Part of subcall function 00405EC3: LoadLibraryA.KERNELBASE(?), ref: 00405F23
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2547128583-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 532 405878-4058a4 GetFileAttributesA CreateFileA
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(00000003,00402C78,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 0040587C
                                                                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040589E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 537 405859-405866 GetFileAttributesA 538 405875 537->538 539 405868-40586f SetFileAttributesA 537->539 539->538
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(?,00405664,?,?,?), ref: 0040585D
                                                                                                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040586F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 533 4053cc-4053da CreateDirectoryA 534 4053e0 GetLastError 533->534 535 4053dc-4053de 533->535 536 4053e6 534->536 535->536
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(?,00000000,00403100,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004053D2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053E0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1375471231-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EC0,000000FF,00000004,00000000,00000000,00000000), ref: 004030AA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402DFF,00009DE4), ref: 004030D3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00403340,00000000), ref: 00403525
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004047F3
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 00404800
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000001), ref: 0040484C
                                                                                                                                                                                                                                                    • LoadBitmapA.USER32(0000006E), ref: 0040485F
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,00404DDD), ref: 00404879
                                                                                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040488D
                                                                                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048A1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 004048B6
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048C2
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048D4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004048D9
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404904
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404910
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049A5
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049D0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049E4
                                                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00404A13
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A21
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404A32
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B35
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B9A
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BAF
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BD3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF9
                                                                                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C0E
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404C1E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C8E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D37
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D46
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D66
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404DB4
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404DBF
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404DC6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                    • String ID: $M$N
                                                                                                                                                                                                                                                    • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                    • Opcode ID: 4e63ca6e9464e87f5d4ab94560d5c99c95fe02dad02888ea5b3d52ac9d8c04b8
                                                                                                                                                                                                                                                    • Instruction ID: 458a4472cc575749f24c7bcde6f1b2e9246033a2a8d3a9469834700d3721ba37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e63ca6e9464e87f5d4ab94560d5c99c95fe02dad02888ea5b3d52ac9d8c04b8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7028EB0A00209EFDB21DF55DD85AAE7BB5FB84314F10813AF610BA2E1C7799A41DF58
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004054E4
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(0042B0C8,\*.*,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040552E
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040554F
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405555
                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(0042B0C8,?,?,?,00409010,?,0042B0C8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405566
                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 00405618
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00405629
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\SetupResources.exe, xrefs: 004054C6
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004054D0
                                                                                                                                                                                                                                                    • \*.*, xrefs: 00405528
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe$\*.*
                                                                                                                                                                                                                                                    • API String ID: 2035342205-2904950052
                                                                                                                                                                                                                                                    • Opcode ID: 49a23bcb4989eb2bc55f989632ffb7892a432e638327651476ee734d0b1ae01c
                                                                                                                                                                                                                                                    • Instruction ID: 7349ebf4964971957ddff473b41d0a41d9b63905a7032000284e6e99f459cf31
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49a23bcb4989eb2bc55f989632ffb7892a432e638327651476ee734d0b1ae01c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C51F130404A487ADB226B228C45BBF3A69DF42318F50853BF909711D1DB7D9982DE6E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040502A
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00405039
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00405076
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 0040507E
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 0040509F
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050B0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050C3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050D1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050E4
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405106
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040511A
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040513B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040514B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405164
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405170
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405048
                                                                                                                                                                                                                                                      • Part of subcall function 00403E92: SendMessageA.USER32(00000028,?,00000001,00403CC3), ref: 00403EA0
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040518D
                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00004F5F,00000000), ref: 0040519B
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004051A2
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004051C6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000008), ref: 004051CB
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405212
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 00405244
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405255
                                                                                                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 0040526A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 0040527D
                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052A1
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052DC
                                                                                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 004052EC
                                                                                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 004052F2
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052FB
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405305
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405319
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405331
                                                                                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 0040533C
                                                                                                                                                                                                                                                    • CloseClipboard.USER32 ref: 00405342
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                    • String ID: {
                                                                                                                                                                                                                                                    • API String ID: 590372296-366298937
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039C6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 004039E3
                                                                                                                                                                                                                                                    • DestroyWindow.USER32 ref: 004039F7
                                                                                                                                                                                                                                                    • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A13
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00403A34
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A48
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00403A4F
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403AFD
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403B07
                                                                                                                                                                                                                                                    • SetClassLongA.USER32(?,000000F2,?), ref: 00403B21
                                                                                                                                                                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B72
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403C18
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403C39
                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403C4B
                                                                                                                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00403C66
                                                                                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C7C
                                                                                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00403C83
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C9B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CAE
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042A0C0,?,0042A0C0,Fast! Resources Setup), ref: 00403CD7
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,0042A0C0), ref: 00403CE6
                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403E1A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                    • String ID: Fast! Resources Setup
                                                                                                                                                                                                                                                    • API String ID: 184305955-2780696101
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404030
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(00000000,000003E8), ref: 00404044
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404062
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00404073
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404082
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404091
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0040409B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A9
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040B8
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040411B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 0040411E
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404149
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404189
                                                                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 00404198
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004041A1
                                                                                                                                                                                                                                                    • ShellExecuteA.SHELL32(0000070B,open,0042DBE0,00000000,00000000,00000001), ref: 004041B4
                                                                                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 004041C1
                                                                                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004041C4
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041F0
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404204
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                    • String ID: N$open$q?@
                                                                                                                                                                                                                                                    • API String ID: 3615053054-1931339921
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                    • DrawTextA.USER32(00000000,Fast! Resources Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                    • String ID: F$Fast! Resources Setup
                                                                                                                                                                                                                                                    • API String ID: 941294808-2854520163
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetModuleHandleA.KERNEL32(?,?,00000000,00403179,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00405F3F
                                                                                                                                                                                                                                                      • Part of subcall function 00405F2D: GetProcAddress.KERNEL32(00000000,?), ref: 00405F5A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,00405684,?,00000000,000000F1,?), ref: 0040593C
                                                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(?,0042C250,00000400), ref: 00405945
                                                                                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(00000000,0042BCC8,00000400), ref: 00405962
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00405980
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042BCC8,C0000000,00000004,0042BCC8,?,?,?,00000000,000000F1,?), ref: 004059BB
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059CA
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059E0
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8C8,00000000,-0000000A,00409404,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A26
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A38
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00405A3F
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A46
                                                                                                                                                                                                                                                      • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                      • Part of subcall function 004057ED: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                                                                                    • String ID: %s=%s$[Rename]
                                                                                                                                                                                                                                                    • API String ID: 3445103937-1727408572
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 004042EA
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,?), ref: 00404314
                                                                                                                                                                                                                                                    • SHBrowseForFolderA.SHELL32(?,00429490,?), ref: 004043C5
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 004043D0
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(0042DBE0,0042A0C0), ref: 00404402
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,0042DBE0), ref: 0040440E
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404420
                                                                                                                                                                                                                                                      • Part of subcall function 00405446: GetDlgItemTextA.USER32(?,?,00000400,00404457), ref: 00405459
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                      • Part of subcall function 00405E03: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00429088,?,?,0000040F,?,00429088,00429088,?,00000001,00429088,?,?,000003FB,?), ref: 004044DE
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F9
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                      • Part of subcall function 00404652: SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: A$C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 2624150263-1338060906
                                                                                                                                                                                                                                                    • Opcode ID: 651704e9fdbceafa19cbcaa3072621ff73f1ed0c40465ee915921c67da8dd18a
                                                                                                                                                                                                                                                    • Instruction ID: 25cf576a769d2d8a049a3aeadb65d5b4cdf4f75aeaeb5f9dd55cec19ee375662
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 651704e9fdbceafa19cbcaa3072621ff73f1ed0c40465ee915921c67da8dd18a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6A170B1900218ABDB11AFA5DC41BAF77B8EF84315F10843BF611B62D1D77C9A418F69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E5B
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E68
                                                                                                                                                                                                                                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E6D
                                                                                                                                                                                                                                                    • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030E8,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 00405E7D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SetupResources.exe
                                                                                                                                                                                                                                                    • API String ID: 589700163-1478310709
                                                                                                                                                                                                                                                    • Opcode ID: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                                    • Instruction ID: 8c0debaa59703488c7458a94fa91a8896e4240cf3d31b331365b77cfd974a1c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b5f3268fa1fae19e58d0ad2ced72642c676bfd811e2c7a6988a98807c9a22ca
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E11B671804A912DEB3217289C44B777FC8CB66790F18447BD4D5723C2D67C5D428AAD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 00403EE1
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403EFD
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403F09
                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403F15
                                                                                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403F28
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403F38
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403F52
                                                                                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403F5C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                                                                                    • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                                    • Instruction ID: 0d89a351d513fb24bb3d4bb4099581c898fc75933690e96f4850fc1bb23eeaf2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91214271904745ABCB219F78DD08B4B7FF8AF05715B048629F995A22E0D734E9048B65
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00009E00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 0040273B
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402754
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3294113728-0
                                                                                                                                                                                                                                                    • Opcode ID: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                                    • Instruction ID: 5b53ae4c2b613e87b8af51cb2b1d5881ebc53a54f05e9f53cd44442d287e2222
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c2b519bab710da34c4f93b0ba9d6d86cd7c01b4cb3bb32b5413ac78432567f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3131A971C00128BBCF216FA5CE88DAE7F79EF05364F10423AF920762E1C67949408FA9
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2531174081-0
                                                                                                                                                                                                                                                    • Opcode ID: b9bd97d855335461d49e39303d4d63c0ba14004c0d3fb8e2a59ec645a9842c76
                                                                                                                                                                                                                                                    • Instruction ID: d5e3cfdbeb95b60488c6f1e99959168c2d2eab17d02c72d4f5409838ea1ae410
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9bd97d855335461d49e39303d4d63c0ba14004c0d3fb8e2a59ec645a9842c76
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C21CF71900119BBDF11AFA5CD849DEBFB9EF45354F04807AF608B6290C779AE408FA8
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404777
                                                                                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040477F
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404799
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047AB
                                                                                                                                                                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047D1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                    • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                                    • Instruction ID: 1287270e3ce35f4bc81f554f3193770291cde8f8b01dc106229a8c11fbd36195
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99014071D00219BADB01DBA4DD85FFEBBFCAB59711F10412BBA10B72C0D7B465018BA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B6C
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(034D6C32,00000064,034D80C0), ref: 00402B97
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402BA7
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402BB7
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BC9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 00402BA1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                    • Opcode ID: f4b40b60170e557e8e64fd1007bdae5203f411c8eb827d09f08439ceb1717922
                                                                                                                                                                                                                                                    • Instruction ID: 170251b52dccb1bc1045efc101099eb7df8550efa5a7238432f4f3ca5a85e13a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4b40b60170e557e8e64fd1007bdae5203f411c8eb827d09f08439ceb1717922
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C501F470644209BBDB209F61DD49EED3779AB44305F008039FA06B52D0D7B599558F95
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 00405392
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053A6
                                                                                                                                                                                                                                                    • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053BB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004053C5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 0040534F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                                    • API String ID: 3449924974-3707357800
                                                                                                                                                                                                                                                    • Opcode ID: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                                                                                                                                                                                                                    • Instruction ID: 0f194ad754f8d2153fe6bade7a67ae4222ab15fc701b17716cfd16251ec2b406
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5010871D04259EBEF119BA0D904BEFBFB8EF04354F00457AE905B6180D3B89614CFAA
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A6D
                                                                                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                                                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                                                                                    • Opcode ID: 87ccbfffecd7de7467de5c73c2002d88ab1ef4389744f866cc51cf150fc0b97d
                                                                                                                                                                                                                                                    • Instruction ID: aab1c47b15b7d7dbd0304e6a384de86cdfdd1b9a1951722987da620561d60ced
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87ccbfffecd7de7467de5c73c2002d88ab1ef4389744f866cc51cf150fc0b97d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45117F71A00009FFDF219F91DE49DAF3B69EB14394B004076FA06F00A0DBB49E52AF69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                                                                                    • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                                                                                    • Opcode ID: 80015c0295c996dc09a7a69a0851128c21454d925603859c5d6fd9af08ddf10e
                                                                                                                                                                                                                                                    • Instruction ID: 0b6a49845d72fa48a9a579b1019c06f6c105053db178aa5042bb0eadc5b1df39
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80015c0295c996dc09a7a69a0851128c21454d925603859c5d6fd9af08ddf10e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF0EC72A04114AFEB00EBA4DD88DAFB77CFB44305B044536F501F6191C678AD419B79
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0042A0C0,0042A0C0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,0040456D,000000DF,00000000,00000400,?), ref: 004046F0
                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 004046F8
                                                                                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,0042A0C0), ref: 0040470B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,Fast! Resources Setup), ref: 00403955
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\SetupResources.exe$Fast! Resources Setup
                                                                                                                                                                                                                                                    • API String ID: 530164218-2019153694
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 0040569A
                                                                                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030FA,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403299), ref: 004056A3
                                                                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 004056B4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405694
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 2659869361-4083868402
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000,?), ref: 00404EC6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrlenA.KERNEL32(00402FCC,00429898,00000000,0041F727,755723A0,?,?,?,?,?,?,?,?,?,00402FCC,00000000), ref: 00404ED6
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: lstrcatA.KERNEL32(00429898,00402FCC,00402FCC,00429898,00000000,0041F727,755723A0), ref: 00404EE9
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SetWindowTextA.USER32(00429898,00429898), ref: 00404EFB
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F21
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F3B
                                                                                                                                                                                                                                                      • Part of subcall function 00404E8D: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2987980305-0
                                                                                                                                                                                                                                                    • Opcode ID: a8bda000f72a175a0f0ed6af68dae75491426ca2de135a58b3756a98873c7a0f
                                                                                                                                                                                                                                                    • Instruction ID: c2750792bbdc63a1f1471102f5095df33ec689d5572da80d747626f78b0a8a56
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8bda000f72a175a0f0ed6af68dae75491426ca2de135a58b3756a98873c7a0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86210B32904115BBDF206FA5CE8CA6E3571BF44358F20423BF901B62E1DBBC49419A5E
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402357
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(0040A460,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402377
                                                                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,0040A460,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023B0
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,0040A460,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402493
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1356686001-0
                                                                                                                                                                                                                                                    • Opcode ID: b6f4f247d7d0ae3319dc5e24e2c3de07eca660428b233407ae8b6eb34338d133
                                                                                                                                                                                                                                                    • Instruction ID: 87e3eab27a64c54b83edf31c6fc5fb34a185908cb1e9cfdfcb2c5e910e3a0e9b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6f4f247d7d0ae3319dc5e24e2c3de07eca660428b233407ae8b6eb34338d133
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74116371E00108BEEB10EFB5DE89EAF7A79EB50358F10403AF905B61D1D6B85D019A69
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                                                                                    • CreateFontIndirectA.GDI32(0040B064), ref: 00401D8A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3272661963-0
                                                                                                                                                                                                                                                    • Opcode ID: 4aff2da1ecbc0b46b4ebb4a1bc3754d5e437124edce295b0be6ec486ba38634f
                                                                                                                                                                                                                                                    • Instruction ID: 5e6b0a242ffc9277152ed6cf63edc70abaf129c53bcded44f01e7363494148ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4aff2da1ecbc0b46b4ebb4a1bc3754d5e437124edce295b0be6ec486ba38634f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF04471E89240AEE7016770AF1AB9B7F64D715305F104475F651B62E2C77914048BAE
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00402DB4,00000001), ref: 00402BE7
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C05
                                                                                                                                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C22
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C30
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994449580.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994486072.0000000000407000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000040B000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.000000000042C000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994503189.0000000000434000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    • Associated: 0000000E.00000002.1994601595.000000000043C000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                                                                                    • Opcode ID: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                                    • Instruction ID: fe7f2a60441318f0c2a90f6d59b101c1e11520174a0dcb1e75ef42172c75ba50
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b254695f6d3024de6991e78bd902d51a9eabd2695cbf76f56ec73d281620ca3d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FF05470A0D121ABD6746F55FE8CD8B7BA4F744B017540576F000B11A4DA785882CFAD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(004074B8,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409458,00000400,?,00000001,004074A8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Fast!, xrefs: 004020C1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                                                                                    • API String ID: 123533781-1788482285
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404E13
                                                                                                                                                                                                                                                    • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E81
                                                                                                                                                                                                                                                      • Part of subcall function 00403EA9: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EBB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0C8,Error launching installer), ref: 00405426
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405433
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Error launching installer, xrefs: 00405414
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,00000000,00403537,00403340,00000000), ref: 00403579
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00403580
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403571
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                    • API String ID: 1100898210-4083868402
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,00402CA4,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 004056E1
                                                                                                                                                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,00402CA4,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\SetupResources.exe,C:\Users\user\AppData\Local\Temp\SetupResources.exe,80000000,00000003), ref: 004056EF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp, xrefs: 004056DB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                                                    • API String ID: 2709904686-3707357800
                                                                                                                                                                                                                                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                                    • Instruction ID: 3f11d7040b39dee88ccc87d096f3af91d58a3172f7b65643d8c2c66232cec6f3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ADD0A76280ADB01EF30352108C04B8F7A58CF13300F0948A2E040A21D1C6B85C418FFD
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057F4
                                                                                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040580D
                                                                                                                                                                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 0040581B
                                                                                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059FB,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405824
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 0000000E.00000002.1994467846.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_14_2_400000_SetupResources.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                                                                                    • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                                                                                                                                                    • Instruction ID: 9d1965df737bf6a3caf75c2c412474092f11d9bf319c7f7f540ae1764f3f27e9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F0A737209D51ABD202AB255C04D6B7FA4EF91314B14447AF840F2280D779A925DBBB
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WTSGetActiveConsoleSessionId.KERNEL32 ref: 000C127D
                                                                                                                                                                                                                                                    • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 000C12A3
                                                                                                                                                                                                                                                    • GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 000C12DD
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 000C12ED
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 000C1300
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000001), ref: 000C13DE
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 000C142D
                                                                                                                                                                                                                                                    • CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 000C1462
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 000C1479
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 000C1481
                                                                                                                                                                                                                                                    • DestroyEnvironmentBlock.USERENV(?), ref: 000C1489
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 000C1495
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 000C149D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$TokenUserwsprintf$ActiveBlockConsoleCreateDestroyEnvironmentErrorInformationLastProcessQuerySession
                                                                                                                                                                                                                                                    • String ID: $%ws\fast!\fast!.exe$4/$D$Fast Engine: Convert SID error$Fast Engine: Create Env Block Error %d$Fast Engine: Create Process Error %d$Fast Engine: Duplicate Token Error$Fast Engine: Query User Token Error %d$Fast Engine: Set Token Info Error$Fast Engine: Token Error %d$Fast Engine: id:1$ProgramFiles$S-1-5-32-544
                                                                                                                                                                                                                                                    • API String ID: 413331851-1303119239
                                                                                                                                                                                                                                                    • Opcode ID: 0c8f5a1f3cb9f80466ed46be36d399068bd31969980629069d5a0dd9bb22c366
                                                                                                                                                                                                                                                    • Instruction ID: a97acf46742aecd73cc8e5d5399217e362ea9166655ec4e477a9b121c9dfb200
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c8f5a1f3cb9f80466ed46be36d399068bd31969980629069d5a0dd9bb22c366
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A71C5B0A4025CAEDB20AB64DC45FDDB7B8EF44305F0000E6FB08B6292DA755E949F79
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 46 c1050-c107e StartServiceCtrlDispatcherW 47 c108a-c108f 46->47 48 c1080-c1089 GetLastError 46->48
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 000C1076
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 000C1080
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CtrlDispatcherErrorLastServiceStart
                                                                                                                                                                                                                                                    • String ID: FastSRV
                                                                                                                                                                                                                                                    • API String ID: 3783796564-1196406248
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegisterServiceCtrlHandlerExW.ADVAPI32(FastSRV,Function_000011F0,00000000), ref: 000C109C
                                                                                                                                                                                                                                                    • SetServiceStatus.SECHOST(00000000,000D6668), ref: 000C1102
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 000C110C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 000C112A
                                                                                                                                                                                                                                                    • SetServiceStatus.ADVAPI32(000D6668), ref: 000C114A
                                                                                                                                                                                                                                                    • SetServiceStatus.ADVAPI32(000D6668), ref: 000C1183
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00001570,00000000,00000000,00000000), ref: 000C1194
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 000C119D
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 000C11A9
                                                                                                                                                                                                                                                    • SetServiceStatus.ADVAPI32(000D6668), ref: 000C11E2
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Service$Status$Create$CloseCtrlErrorEventHandleHandlerLastObjectRegisterSingleThreadWait
                                                                                                                                                                                                                                                    • String ID: FastSRV
                                                                                                                                                                                                                                                    • API String ID: 4143498620-1196406248
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: WTSGetActiveConsoleSessionId.KERNEL32 ref: 000C127D
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000), ref: 000C158D
                                                                                                                                                                                                                                                    • WTSGetActiveConsoleSessionId.KERNEL32 ref: 000C15A0
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 000C15B3
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00002710), ref: 000C15C9
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: WTSQueryUserToken.WTSAPI32(00000000,?), ref: 000C12A3
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 000C12DD
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: GetLastError.KERNEL32 ref: 000C12ED
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: wsprintfW.USER32 ref: 000C1300
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CloseHandle.KERNEL32(?,?,00000001), ref: 000C13DE
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: wsprintfW.USER32 ref: 000C142D
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 000C1462
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CloseHandle.KERNEL32(?), ref: 000C1479
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CloseHandle.KERNEL32(?), ref: 000C1481
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: DestroyEnvironmentBlock.USERENV(?), ref: 000C1489
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CloseHandle.KERNEL32(?), ref: 000C1495
                                                                                                                                                                                                                                                      • Part of subcall function 000C1260: CloseHandle.KERNEL32(?), ref: 000C149D
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 000C15E3
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000), ref: 000C15ED
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseHandle$wsprintf$ActiveConsoleObjectSessionSingleSleepTokenUserWait$BlockCreateDestroyEnvironmentErrorInformationLastProcessQuery
                                                                                                                                                                                                                                                    • String ID: Fast Engine: id:%d$Fast Engine: id:1
                                                                                                                                                                                                                                                    • API String ID: 4272876791-665711391
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 000C1EA2
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 000C1F6E
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 000C1F8E
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 000C1F98
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 000C1020: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,000C162D,?,?,?,000C100A), ref: 000C1025
                                                                                                                                                                                                                                                      • Part of subcall function 000C1020: GetLastError.KERNEL32(?,?,?,000C100A), ref: 000C102F
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,000C100A), ref: 000C1631
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,000C100A), ref: 000C1640
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 000C163B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                    • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                                    • Opcode ID: 72165b7c5bbe73f90a8458ffa776acf480f2d8eabf74b29b20d236721f5e578b
                                                                                                                                                                                                                                                    • Instruction ID: 5ca182ba8423239e4c4e788d7b8b76724c511260c0a5ac6d8bd8d99d541a940d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 72165b7c5bbe73f90a8458ffa776acf480f2d8eabf74b29b20d236721f5e578b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25E0ED706017918FE3709F25D908B8A7BE4AB15744F14881DE855C7682E7B9D5448BA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 000C1CC8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                                                                                                    • Opcode ID: ac43ec91b22eeebda50d3cb416f3488d4aea39833b5bda0e8bebea02f63d188d
                                                                                                                                                                                                                                                    • Instruction ID: 1e9689d2e54c18878d953f3a2987bbcc34728651041a577a6efa636a427faa9f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac43ec91b22eeebda50d3cb416f3488d4aea39833b5bda0e8bebea02f63d188d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22515E71921A058FEB24CF58DC91BAEBBF0FB49311F24856ADC15EB291D7789940CFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                                                                                                                    • Opcode ID: ac2b19a8981573dc9f60fa72c8d603d0e5033c02b79073e30a7f81bc51ac437d
                                                                                                                                                                                                                                                    • Instruction ID: 20ea282a60164d18a1e2ee9a0248b809bc2e19484abbf4f89a7f27508796907f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac2b19a8981573dc9f60fa72c8d603d0e5033c02b79073e30a7f81bc51ac437d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18A001B07026818BA7508F36AB096193BA9AB49691719806AAA19C51A0EB7E84909F52
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 000C34FA
                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 000C3608
                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 000C375A
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 000C3775
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                    • Opcode ID: 59567af2eafdac85da2685145d3613d90e675c3de614fbad650c4ca6d190acbc
                                                                                                                                                                                                                                                    • Instruction ID: 75e4f1b4320d52e42106e7a8b6888a9e186e8620f67443d3e5e7691254c570f2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59567af2eafdac85da2685145d3613d90e675c3de614fbad650c4ca6d190acbc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFB159B6814209EFCF29DFA4C881EAEBBB5BF14310B14815EE8156B212D731EB51CF91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• _ValidateLocalCookies.LIBCMT ref: 000C2F17
• ___except_validate_context_record.LIBVCRUNTIME ref: 000C2F1F
• _ValidateLocalCookies.LIBCMT ref: 000C2FA8
• __IsNonwritableInCurrentImage.LIBCMT ref: 000C2FD3
• _ValidateLocalCookies.LIBCMT ref: 000C3028
Strings
Memory Dump Source
• Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: f2697dc50f9007fdf6e0ca38ffe2f101ddc3946326dc03e8cf9613ff10c47287
• Instruction ID: c91ddf8272e2c78af03340164e841e8886f315111165cc8c0f9144f8d7878efe
• Opcode Fuzzy Hash: f2697dc50f9007fdf6e0ca38ffe2f101ddc3946326dc03e8cf9613ff10c47287
• Instruction Fuzzy Hash: 31416A34A00249ABCF10DF68C884F9EBBF5AF45324F14816DE814AB792DB719A52CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• FreeLibrary.KERNEL32(00000000,?,000C7F75,000C89BC,?,00000000,00000000,00000000,?,000C812C,00000022,FlsSetValue,000CFADC,000CFAE4,00000000), ref: 000C7F27
Strings
Memory Dump Source
• Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
• Opcode ID: f1ffbe2f5f5adf25d99d2989d6cc381fd935707913cb6df40de055c3e3be9540
• Instruction ID: ed076a7b95ac97aaf0a821b597c346e4624f22debd09029c7a251d336310e203
• Opcode Fuzzy Hash: f1ffbe2f5f5adf25d99d2989d6cc381fd935707913cb6df40de055c3e3be9540
• Instruction Fuzzy Hash: B0213A72A05151ABDB618B60DC81FAE3798DB45370F24417DFD1AA7291D774ED01CEE0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(?,?,000C309B,000C277E,000C204B), ref: 000C30B2
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 000C30C0
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 000C30D9
• SetLastError.KERNEL32(00000000,000C309B,000C277E,000C204B), ref: 000C312B
Memory Dump Source
• Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 431c35418970c3f076e1cda44f0aa479954b9c225f169808dfb9e1030f6c3e83
• Instruction ID: 62da7cbc9270b077b833ed2d3a638c59f4e917ab25f23e4010918ff57b915c9b
• Opcode Fuzzy Hash: 431c35418970c3f076e1cda44f0aa479954b9c225f169808dfb9e1030f6c3e83
• Instruction Fuzzy Hash: 5701D83222A6115EF66427B4ACA5F9F2BA4FB017B6330832EFD10450F2EF5A4E4151A0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A72C2789,?,?,00000000,000CDDAA,000000FF,?,000C4E15,?,?,000C4DE9,00000000), ref: 000C4E6E
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000C4E80
• FreeLibrary.KERNEL32(00000000,?,00000000,000CDDAA,000000FF,?,000C4E15,?,?,000C4DE9,00000000), ref: 000C4EA2
Strings
Memory Dump Source
• Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 86e04d1f82a8b427029b511ae04370a14b2511d79c72d3742bcdfc277b53a9e6
• Instruction ID: cfa9c11d5de1358dd4915770b4405e03b4fea2e74896e6fe16e6dfc5e55cc5de
• Opcode Fuzzy Hash: 86e04d1f82a8b427029b511ae04370a14b2511d79c72d3742bcdfc277b53a9e6
• Instruction Fuzzy Hash: 5801D671904695EFEB118F50CC05FAEBBF8FB04B11F00463EF912A62D0DBB89800CA90
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 000CA4B5
                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 000CA57E
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 000CA5E5
                                                                                                                                                                                                                                                      • Part of subcall function 000C9290: HeapAlloc.KERNEL32(00000000,00000000,?,?,00000003,000C4768,?,000C46D7,?,00000000,000C48E6), ref: 000C92C2
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 000CA5F8
                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 000CA605
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1096550386-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,000C41E8,00000000,?,000D5CCC,?,?,?,000C438B,00000004,InitializeCriticalSectionEx,000CED60,InitializeCriticalSectionEx), ref: 000C4244
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,000C41E8,00000000,?,000D5CCC,?,?,?,000C438B,00000004,InitializeCriticalSectionEx,000CED60,InitializeCriticalSectionEx,00000000,?,000C3FD2), ref: 000C424E
                                                                                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 000C4276
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(A72C2789,00000000,00000000,?), ref: 000CA875
                                                                                                                                                                                                                                                      • Part of subcall function 000C7961: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,000CA5DB,?,00000000,-00000008), ref: 000C79C2
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 000CAAC7
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 000CAB0D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 000CABB0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2112829910-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: 5503a0c2d3a0e73f0dc888f7f070de15056a307fab0d304cf7fcf3b42b2c28b8
                                                                                                                                                                                                                                                    • Instruction ID: e7afcf8dce43e61e2c28c4c9475062f50763e4a23767c3db6ace120d6bbf8427
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5503a0c2d3a0e73f0dc888f7f070de15056a307fab0d304cf7fcf3b42b2c28b8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C451AC72624702AFDF289F54D945FAEB7A4EF44710F14852DEC0297692EB31EE80D790
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,000CB80C,00000000,00000001,00000000,?,?,000CAC04,?,00000000,00000000), ref: 000CBFFF
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,000CB80C,00000000,00000001,00000000,?,?,000CAC04,?,00000000,00000000,?,?,?,000CB1A7,00000000), ref: 000CC00B
                                                                                                                                                                                                                                                      • Part of subcall function 000CBFD1: CloseHandle.KERNEL32(FFFFFFFE,000CC01B,?,000CB80C,00000000,00000001,00000000,?,?,000CAC04,?,00000000,00000000,?,?), ref: 000CBFE1
                                                                                                                                                                                                                                                    • ___initconout.LIBCMT ref: 000CC01B
                                                                                                                                                                                                                                                      • Part of subcall function 000CBF93: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,000CBFC2,000CB7F9,?,?,000CAC04,?,00000000,00000000,?), ref: 000CBFA6
                                                                                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,000CB80C,00000000,00000001,00000000,?,?,000CAC04,?,00000000,00000000,?), ref: 000CC030
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                                                                                    • Opcode ID: 098168f8baf473d94f7b1a6ea30ad07fbf81709d8d5581d70d6f926bafeed3bd
                                                                                                                                                                                                                                                    • Instruction ID: 489b2001ecd42e2c810855beb27612558613c109693f0ca53803adfd999ba240
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 098168f8baf473d94f7b1a6ea30ad07fbf81709d8d5581d70d6f926bafeed3bd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7F0F836401194BBEF222FA5DC05E8E3F66FB483A1F244125FE0896131CA76C960AB91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?), ref: 000C37A5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: b8b8d1e0b2a42947d32337491b8320293c97239796866def1b72070811e73f77
                                                                                                                                                                                                                                                    • Instruction ID: b109154e92ebfc9e260dbe310ed4479724a140af4e0c48c100f10bdc8447067e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8b8d1e0b2a42947d32337491b8320293c97239796866def1b72070811e73f77
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6415672900209AFCF16DFA8CC85FEEBBB5BF48304F188199F905A7262D7359A50DB51
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 000C1BC3
                                                                                                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 000C1CAB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2742148495.00000000000C1000.00000020.00000001.01000000.00000014.sdmp, Offset: 000C0000, based on PE: true
• Associated: 00000010.00000002.2741914627.00000000000C0000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742373455.00000000000CE000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742623533.00000000000D5000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000010.00000002.2742806174.00000000000D7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_16_2_c0000_FastSRV.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                    • String ID: XY
                                                                                                                                                                                                                                                    • API String ID: 3761405300-2284207290
                                                                                                                                                                                                                                                    • Opcode ID: 2164a09dc2c73caaf092dee1f6dc9be7b42d6383d0cdb786714e4a854389292f
                                                                                                                                                                                                                                                    • Instruction ID: 5ec00034d498d7f2afa9a505ae08b2e5a16f92c3ae2dba6d0ab8ebdfbf8e457d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2164a09dc2c73caaf092dee1f6dc9be7b42d6383d0cdb786714e4a854389292f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 062119B5502B20DAF710CF58FCD5B487BA4BB08316F54522BED098AAA0E3B85580CF62
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll,8AC7FD4E,?,?,?,?,00EECF47,000000FF), ref: 00D92BE7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtWow64ReadVirtualMemory64), ref: 00D92BFB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtWow64QueryInformationProcess64), ref: 00D92C08
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00D92C15
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtSetInformationProcess), ref: 00D92C22
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtSuspendProcess), ref: 00D92C2F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtResumeProcess), ref: 00D92C3C
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,00EECF47,000000FF), ref: 00D92C72
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00D92B10
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: GetCurrentProcess.KERNEL32 ref: 00D92B3A
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: OpenProcessToken.ADVAPI32(00000000,00000020), ref: 00D92B47
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 00D92B62
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: GetLastError.KERNEL32 ref: 00D92B6C
                                                                                                                                                                                                                                                      • Part of subcall function 00D92AF0: FindCloseChangeNotification.KERNELBASE ref: 00D92B75
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,?,000000FF), ref: 00D92D3E
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A,?,?,000000FF), ref: 00D92D6B
                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000079), ref: 00D92D83
                                                                                                                                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00D92D8C
                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 00D92D9A
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(00F5566C), ref: 00D92DB1
                                                                                                                                                                                                                                                    • K32EnumProcesses.KERNEL32(?,00004000,?,?,?,000000FF), ref: 00D92E27
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00D92F87
                                                                                                                                                                                                                                                    • K32GetProcessImageFileNameW.KERNEL32(00000000,?,000000FF), ref: 00D92FA0
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00D92FA7
                                                                                                                                                                                                                                                      • Part of subcall function 00D91C60: GetDC.USER32(00000000), ref: 00D91C76
                                                                                                                                                                                                                                                      • Part of subcall function 00D91C60: ReleaseDC.USER32(00000000,?), ref: 00D91D65
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(ntdll,NtQueryInformationProcess), ref: 00D931DB
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00D931E2
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00D931F6
                                                                                                                                                                                                                                                    • NtQueryInformationProcess.NTDLL(00000000,00000000,?,00000018,?), ref: 00D9321A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D9322A
                                                                                                                                                                                                                                                    • WindowFromPoint.USER32(?,?,000000FF), ref: 00D93542
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00D93562
                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32(?,?,000000FF), ref: 00D93588
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00D935A0
                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(00000000,?,000000FF), ref: 00D935E0
                                                                                                                                                                                                                                                    • PostMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00D93605
                                                                                                                                                                                                                                                    • __Xtime_get_ticks.LIBCPMT ref: 00D9360B
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D93619
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,00002710,00000000), ref: 00D93660
                                                                                                                                                                                                                                                    • GetActiveWindow.USER32 ref: 00D93666
                                                                                                                                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,?), ref: 00D93678
                                                                                                                                                                                                                                                    • GetWindowTextW.USER32(00000000,Windows Explorer,000000FF), ref: 00D938F6
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000200,00000000,?,00000004,00000004,00000000,?), ref: 00D93A68
                                                                                                                                                                                                                                                    • SetPriorityClass.KERNELBASE(00000000,00000020), ref: 00D93A7A
                                                                                                                                                                                                                                                    • SetProcessPriorityBoost.KERNELBASE(00000000,00000000), ref: 00D93B07
                                                                                                                                                                                                                                                    • NtSetInformationProcess.NTDLL(00000000,00000027,?,00000004), ref: 00D93B19
                                                                                                                                                                                                                                                    • NtSetInformationProcess.NTDLL(00000000,00000021,?,00000004), ref: 00D93B2B
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D93B32
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(0000000A,00000004,00000004,00000000,?), ref: 00D93B7B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$Window$AddressProc$CloseOpen$HandleInformationSleepThread$AsyncChangeCurrentFileFindNotificationPriorityStateTextToken$ActiveAdjustBoostClassCount64CursorEnumErrorForegroundFromImageLastLibraryLoadLookupMessageModuleNamePointPostPrivilegePrivilegesProcessesQueryReleaseTickUnothrow_t@std@@@ValueWriteXtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID: FileDescription$NtQueryInformationProcess$NtResumeProcess$NtSetInformationProcess$NtSuspendProcess$NtWow64QueryInformationProcess64$NtWow64ReadVirtualMemory64$P,Fw@FFw@BFw$Windows Explorer$__fasttest__$chrome.exe$csrss.exe$dllhost.exe$dwm.exe$explorer.exe$firefox.exe$googledrivefs.exe$iexplore.exe$lsass.exe$lsm.exe$microsoftedge.exe$microsoftedgecp.exe$ntdll$ntdll.dll$services.exe$smss.exe$svchost.exe$tabtip${ "fast":{ "fast_tutorial_benchmark_done":%lld } }
                                                                                                                                                                                                                                                    • API String ID: 3642366192-3084542162
                                                                                                                                                                                                                                                    • Opcode ID: d04da48985c5db61679370e36b239e71c6d0d2194abdce03fa8c58b43d518c72
                                                                                                                                                                                                                                                    • Instruction ID: 1c2b01e543d4ae4921e93803d08ab90d78c58e772be54beb3e5cdc0389ba71b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d04da48985c5db61679370e36b239e71c6d0d2194abdce03fa8c58b43d518c72
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92A2D5B09017589FDF20DF24CD84BA9B7F4EF55301F180198E509A72A1E772AE84CF6A
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OpenEventW.KERNEL32(001F0003,00000001,Local\fast!,?,00000000), ref: 00D950B2
                                                                                                                                                                                                                                                    • PulseEvent.KERNEL32(00000000), ref: 00D950C2
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,Local\fast!), ref: 00D950D8
                                                                                                                                                                                                                                                    • GetNativeSystemInfo.KERNELBASE(00F53730), ref: 00D950FE
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00F5372C), ref: 00D95109
                                                                                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000), ref: 00D95110
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00000101,?), ref: 00D95253
                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,MachineGuid,00000000,?,?,00000200), ref: 00D9527B
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D95287
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D952A4
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D95324
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D9533C
                                                                                                                                                                                                                                                    • RegQueryValueW.ADVAPI32(?,00F2EE74,?,00000400), ref: 00D9535B
                                                                                                                                                                                                                                                      • Part of subcall function 00D97320: FindResourceW.KERNEL32(00000000,?,00000006,00D99E47,?,?,00D97462,00000000,00000000,?,00000000,?,00000010,?,00D9C132,?), ref: 00D97338
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D95374
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D95397
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D953A1
                                                                                                                                                                                                                                                    • CreateNamedPipeW.KERNELBASE(\\.\pipe\veryfastapp,00000003,00000000,00000001,00004000,00004000,00000000,00000000), ref: 00D953DF
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(000003E8), ref: 00D95406
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00D9541F
                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,nwjs\nw,ui\.,00000000,00000001), ref: 00D95467
                                                                                                                                                                                                                                                    • Sleep.KERNELBASE(00000064), ref: 00D95495
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$CreateEventHandle$OpenProcessQuerySleepValuewsprintf$CurrentExecuteFileFindInfoModuleNameNamedNativePipePulseResourceShellSystemWow64
                                                                                                                                                                                                                                                    • String ID: %wsX$/noui$00000000-0000-0000-0000-000000000000$03000200-0400-0500-0006-000700080009$12345678-1234-5678-90AB-CDDEEFAABBCC$9AC52742-8547-84D6-5349-ECEC87A66D67$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$Local\fast!$MachineGuid$SOFTWARE\Classes\CLSID\{%ws}$SOFTWARE\Microsoft\Cryptography$\$\\.\pipe\veryfastapp$nwjs\nw$open$ui\.
                                                                                                                                                                                                                                                    • API String ID: 869260719-864874832
                                                                                                                                                                                                                                                    • Opcode ID: 56559d522971cfa98532831b182e0bcc51e8a47f82b4374fa6d28ac60ac87107
                                                                                                                                                                                                                                                    • Instruction ID: b61606c554646f6dfbbf24fab7caeae9a5c9c0ff321cdd159fc86063cd77c1f5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56559d522971cfa98532831b182e0bcc51e8a47f82b4374fa6d28ac60ac87107
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4E18D716007059BDF11AF60FC16BBA33A5EF10705F684078EA0ABB299E771D985CB74
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 00D92B10
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D92B3A
                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000020), ref: 00D92B47
                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000002,00000010,00000000,00000000), ref: 00D92B62
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D92B6C
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE ref: 00D92B75
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D92B8C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastProcessToken$AdjustChangeCloseCurrentFindLookupNotificationOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                    • API String ID: 3700415687-2896544425
                                                                                                                                                                                                                                                    • Opcode ID: 5225aab56b5a0ba53ecc8227a5569d5ca91584eabadd50fb42f3f8411c90d17e
                                                                                                                                                                                                                                                    • Instruction ID: 434c9fdbf1a7bdd023e4bbaa3556471f42844750fc09671be5d3d15bc2ee9a69
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5225aab56b5a0ba53ecc8227a5569d5ca91584eabadd50fb42f3f8411c90d17e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85114270244306AFD714DF61ED0AB3BBBE8EB88704F20491DF899962D1DB719809DB92
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ConnectNamedPipe.KERNELBASE(0000029C,00000000), ref: 00D940B3
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(?,000003FF,?,00000000), ref: 00D940DC
                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 00D941AA
                                                                                                                                                                                                                                                    • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00D94244
                                                                                                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 00D94255
                                                                                                                                                                                                                                                    • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00D9428B
                                                                                                                                                                                                                                                    • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000002,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D942BE
                                                                                                                                                                                                                                                    • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00D942C9
                                                                                                                                                                                                                                                    • OpenSCManagerW.ADVAPI32(?,?,000F003F), ref: 00D94314
                                                                                                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 00D94325
                                                                                                                                                                                                                                                    • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00D9435B
                                                                                                                                                                                                                                                    • ControlService.ADVAPI32(00000000,00000001,?), ref: 00D94378
                                                                                                                                                                                                                                                    • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D94393
                                                                                                                                                                                                                                                    • OpenSCManagerW.SECHOST(?,?,000F003F), ref: 00D943D9
                                                                                                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,FastSRV,000F003F), ref: 00D943EA
                                                                                                                                                                                                                                                    • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 00D94403
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D9442A
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D94470
                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,open,eventvwr,/c:System /f:"*[System[(Level = 1 or Level = 2)]]",?,00000001), ref: 00D944FC
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D94585
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D945C4
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D946C0
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D94722
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D9473A
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D9474E
                                                                                                                                                                                                                                                    • RegSetValueW.ADVAPI32(?,00F2EE74,00000001,?,?), ref: 00D94784
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D94790
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D94811
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D9483B
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D94859
                                                                                                                                                                                                                                                    • RegQueryValueW.ADVAPI32(?,00F2EE74,?,?), ref: 00D94874
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D948A2
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D948BA
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D948CA
                                                                                                                                                                                                                                                    • RegSetValueW.ADVAPI32(?,00F2EE74,00000001,?,?), ref: 00D94904
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D94910
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D9494D
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D94965
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D94979
                                                                                                                                                                                                                                                    • RegSetValueW.ADVAPI32(?,00F2EE74,00000001,?,?), ref: 00D949AB
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D949B7
                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 00D94A01
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D94A57
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D94A6F
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D94A83
                                                                                                                                                                                                                                                    • RegSetValueW.ADVAPI32(?,00F2EE74,00000001,?,?), ref: 00D94AB5
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D94AC1
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 00D94B7A
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,PixelURL,00000000,?,?,00000208), ref: 00D94BA2
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D94BAE
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D94BF8
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000000,Word.Application,00000000,00000101,?), ref: 00D94C42
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D94C68
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000000,Excel.Application,00000000,00000101,?), ref: 00D94C82
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D94CA6
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000000,Powerpoint.Application,00000000,00000101,?), ref: 00D94CC0
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D94CE4
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNELBASE(80000000,.pdf,00000000,00000101,?), ref: 00D94CFE
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D94D1C
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,00000000), ref: 00D94DA0
                                                                                                                                                                                                                                                    • ReadFile.KERNELBASE(?,000003FF,?,00000000), ref: 00D94F16
                                                                                                                                                                                                                                                    • DisconnectNamedPipe.KERNEL32 ref: 00D94F26
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: wsprintf$OpenService$Close$File$CreateValueWrite$Query$Handle$ManagerStatus$ChangeConfigNamedPipeRead$ConnectControlCount64DisconnectExecuteShellSleepStartTick
                                                                                                                                                                                                                                                    • String ID: .pdf$/c:System /f:"*[System[(Level = 1 or Level = 2)]]"$1073741824$2.305$20231003105718.000000+120$232$4193332$59474$64-bit$8387636$9AC52742-8547-84D6-5349-ECEC87A66D67$Excel.Application$FastSRV$Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$Microsoft Windows 10 Pro$None$PixelURL$Powerpoint.Application$SOFTWARE\Classes\CLSID\{%ws}$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!$TT1GN5$Windows Explorer$Word.Application$eventvwr$false$false$fast_AutoStartOff$fast_AutoStartOn$fast_AutoStartQuery$fast_getevents$fast_gethardware$fast_gettutorialapps$fast_geturlpixel$fast_license$fast_notify$fast_query$fast_quit$fast_reloadconfig$fast_restarttrial$fast_setexpire$fast_showevents$fast_start$fast_stop$fast_tutorialoff$fast_tutorialon$gfff$gwoigl, Inc.$notify$open$true$true${ "fast":{ "fast_activation_failed":1 } }${ "fast":{ "fast_activation_success":1 } }${ "fast":{ "fast_activation_success":2 } }${ "fast":{ "urlpixel":"%ws" } }${ "fast":{"cpu_name":"%ws","gpu_name":"%ws","gpu_ram":"%ws","os_architecture":"%ws","os_installdate":"%ws","os_name":"%ws","os_mem${ "fast":{"serviceStarted":"%ws" } }${ "fast":{"tutorial_apps":1,"tutorial_apps_word":"%s","tutorial_apps_excel":"%s","tutorial_apps_powerpoint":"%s","tutorial_apps_pdf":"%s"} }${ "fast":{"version":"%ws","UUID":"%ws","trial":"%s","expired":"%s","running":"%s", "shownow":"%s", "interest":"%ws", "expectation":"%ws", "interestfaster":"%s", "defaultbrowser":"%ws", "proccount":"%d", "trialleftsecs":"%d" } }
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 00D91DB5
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,DisplayVersion,00000000,?,2.305,?), ref: 00D91DEB
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,BrowserType,00000000,?,00F54FD8,00000080), ref: 00D91E17
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,cpu_name,00000000,?,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz,00000080), ref: 00D91E43
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,gpu_name,00000000,?,TT1GN5,00000200), ref: 00D91E6F
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,gpu_ram,00000000,?,1073741824,00000200), ref: 00D91E9B
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,os_architecture,00000000,?,64-bit,00000200), ref: 00D91EC7
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,os_installdate,00000000,?,20231003105718.000000+120,00000200), ref: 00D91EF3
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,os_name,00000000,?,Microsoft Windows 10 Pro,00000200), ref: 00D91F1F
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,os_mem,00000000,?,4193332,00000200), ref: 00D91F4B
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,os_virtmem,00000000,?,8387636,00000200), ref: 00D91F77
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,pc_vendor,00000000,?,gwoigl, Inc.,00000200), ref: 00D91FA3
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,pc_version,00000000,?,None,00000200), ref: 00D91FCF
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,dsk_iosec,00000000,?,59474,00000200), ref: 00D91FFB
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,dsk_mbsec,00000000,?,232,00000200), ref: 00D92027
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,notify,00000000,?,?,00000200), ref: 00D92055
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00D9207B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: QueryValue$ChangeCloseCreateFindNotification
                                                                                                                                                                                                                                                    • String ID: 1073741824$2.305$20231003105718.000000+120$232$4193332$59474$64-bit$8387636$BrowserType$DisplayVersion$Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$Microsoft Windows 10 Pro$None$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!$TT1GN5$cpu_name$dsk_iosec$dsk_mbsec$gpu_name$gpu_ram$gwoigl, Inc.$notify$os_architecture$os_installdate$os_mem$os_name$os_virtmem$pc_vendor$pc_version
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC7CF9
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FD2D: __EH_prolog3.LIBCMT ref: 00D9FD34
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FD2D: GetWindowDC.USER32(00000000,00000004,00DC8286,00000000), ref: 00D9FD60
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 00DC7D19
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7D83
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7DA1
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7DBF
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7DDD
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7DFB
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7E19
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7E37
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7E55
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7E73
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DC7E91
                                                                                                                                                                                                                                                    • GetTextCharsetInfo.GDI32(?,00000000,00000000), ref: 00DC7EC9
                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 00DC7F19
                                                                                                                                                                                                                                                    • EnumFontFamiliesW.GDI32(?,00000000,00DC781D,Segoe UI), ref: 00DC7F40
                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(?,Segoe UI), ref: 00DC7F53
                                                                                                                                                                                                                                                    • EnumFontFamiliesW.GDI32(?,00000000,00DC781D,Tahoma), ref: 00DC7F71
                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(?,MS Sans Serif), ref: 00DC7F8B
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC7F95
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC7FE6
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8025
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8051
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8072
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000048), ref: 00DC8091
                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(?,Marlett), ref: 00DC80A4
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC80AE
                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00DC80DA
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,0000005C,?), ref: 00DC80F5
                                                                                                                                                                                                                                                    • lstrcpyW.KERNEL32(?,Arial), ref: 00DC8136
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8140
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8159
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,0000005C,?), ref: 00DC8177
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC8185
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC81A6
                                                                                                                                                                                                                                                      • Part of subcall function 00DC863E: __EH_prolog3_GS.LIBCMT ref: 00DC8645
                                                                                                                                                                                                                                                      • Part of subcall function 00DC863E: GetTextMetricsW.GDI32(?,?), ref: 00DC867A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC863E: GetTextMetricsW.GDI32(?,?), ref: 00DC86BB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Font$CreateDeleteIndirect$lstrcpy$MetricsText$EnumFamiliesH_prolog3_$CapsCharsetDeviceH_prolog3InfoStockSystemWindow
                                                                                                                                                                                                                                                    • String ID: Arial$MS Sans Serif$Marlett$Segoe UI$Tahoma
                                                                                                                                                                                                                                                    • API String ID: 2837096512-1395034203
                                                                                                                                                                                                                                                    • Opcode ID: 1a812fa536a775569dcc31dc0d26b5dd828e36da8b64071c9a8834efb7abe4b1
                                                                                                                                                                                                                                                    • Instruction ID: c79de11de9136536a35846ef3ad3a28a3213b1a5cde9f9aad027e175c3f98247
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a812fa536a775569dcc31dc0d26b5dd828e36da8b64071c9a8834efb7abe4b1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AE16C7190434ADFDF21ABB0CD49BEEBBB8BF45300F184499E14AA7291DB749949CF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DC8227
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000016), ref: 00DC8230
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00DC8243
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000015), ref: 00DC825A
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00DC8266
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(?,0000000C), ref: 00DC828E
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00DC829C
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000010), ref: 00DC82AA
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000015), ref: 00DC82B8
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000016), ref: 00DC82C6
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 00DC82D4
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000012), ref: 00DC82E2
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000011), ref: 00DC82F0
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000006), ref: 00DC82FB
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000D), ref: 00DC8306
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000E), ref: 00DC8311
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000005), ref: 00DC831C
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000008), ref: 00DC832A
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000009), ref: 00DC8335
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000007), ref: 00DC8340
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000002), ref: 00DC834B
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000003), ref: 00DC8356
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000001B), ref: 00DC8364
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000001C), ref: 00DC8372
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000A), ref: 00DC8380
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000B), ref: 00DC838E
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000013), ref: 00DC839C
                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000001A), ref: 00DC83C5
                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(00000010), ref: 00DC83D6
                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(00000014), ref: 00DC83E9
                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(00000005), ref: 00DC83FC
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC841D
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(00000010), ref: 00DC843B
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC8459
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC847A
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC8498
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC84B6
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC84D4
                                                                                                                                                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 00DC84FA
                                                                                                                                                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 00DC851E
                                                                                                                                                                                                                                                    • CreatePen.GDI32(00000000,00000001,00000000), ref: 00DC8542
                                                                                                                                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00DC85C0
                                                                                                                                                                                                                                                    • CreatePatternBrush.GDI32(00000000), ref: 00DC85FE
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0925: DeleteObject.GDI32(00000000), ref: 00DA0934
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$BrushCreate$Solid$CapsDeleteDeviceH_prolog3ObjectPattern
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3754413814-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• CoInitializeEx.OLE32(00000000,00000000,8AC7FD4E,?,?,?,?,?,?,?,?,00000000,00EED18A,000000FF,?,00D95125), ref: 00D97C6B
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 00D97C8B
• CoCreateInstance.OLE32(00EFCCD0,00000000,00000001,00EFCCC0,00000000), ref: 00D97CB2
• SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 00D97CF4
• SysFreeString.OLEAUT32 ref: 00D97D57
• CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00D97D9A
• CoUninitialize.OLE32(?,?,?,?,?,?,00000000,00EED18A,000000FF,?,00D95125), ref: 00D97DB6
• SysFreeString.OLEAUT32(-00000001), ref: 00D97E9B
• SysFreeString.OLEAUT32(-00000001), ref: 00D97EE2
• VariantClear.OLEAUT32(?), ref: 00D97F94
• CoUninitialize.OLE32(00000000), ref: 00D97FBE
• _com_issue_error.COMSUPP ref: 00D97FDF
• _com_issue_error.COMSUPP ref: 00D97FE9
• SysFreeString.OLEAUT32(-00000001), ref: 00D98010
Strings
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
Similarity
• API ID: String$Free$InitializeUninitialize_com_issue_error$AllocBlanketClearCreateInstanceProxySecurityVariant
• String ID: 9AC52742-8547-84D6-5349-ECEC87A66D67$ROOT\CIMV2$SELECT * FROM Win32_ComputerSystemProduct$UUID$WQL
• API String ID: 1007591970-127477913
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00D9240E
• GlobalAlloc.KERNELBASE(00000040,00000000), ref: 00D92536
• GetFileVersionInfoW.KERNELBASE(?,00000000,?,00000000), ref: 00D92552
• VerQueryValueW.VERSION(00000000,00F2EE68,?,?), ref: 00D9256C
• VerQueryValueW.KERNELBASE(00000000,\VarFileInfo\Translation,?,?), ref: 00D92586
• wsprintfW.USER32 ref: 00D925B2
• VerQueryValueW.VERSION(00000000,?,?,?), ref: 00D925D1
• GlobalFree.KERNEL32(00000000), ref: 00D92613
  • Part of subcall function 00D97320: FindResourceW.KERNEL32(00000000,?,00000006,00D99E47,?,?,00D97462,00000000,00000000,?,00000000,?,00000010,?,00D9C132,?), ref: 00D97338
Strings
• \StringFileInfo\%04x%04x\%s, xrefs: 00D925AC
• \VarFileInfo\Translation, xrefs: 00D92580
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
Similarity
• API ID: QueryValue$FileGlobalInfoVersion$AllocFindFreeResourceSizewsprintf
• String ID: \StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
• API String ID: 1007729861-2466519063
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnterCriticalSection.KERNEL32(00F4F2C0,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9B933
• GlobalAlloc.KERNELBASE(00000002,00000000,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9B9A2
• GlobalHandle.KERNEL32(00F4F2B4), ref: 00D9B9AC
• GlobalUnlock.KERNEL32(00000000,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9B9BE
• GlobalReAlloc.KERNEL32(00D9616E,00000000,00002002), ref: 00D9B9D9
• GlobalLock.KERNEL32(00000000,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9B9E4
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F4F2C0,00D9924E,00D9616E,?,?,?,?,8AC7FD4E,?,?,00000000,80070057), ref: 00D9BA30
                                                                                                                                                                                                                                                    • GlobalHandle.KERNEL32(00F4F2B4), ref: 00D9BA44
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9BA4F
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F4F2C0,?,00000010,?,00F4F2A4,00F4F2A4,?,00D9BB83,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?), ref: 00D9BA59
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2667261700-0
                                                                                                                                                                                                                                                    • Opcode ID: 796c5e088a70a2d6dbe4bf470d6e6fcfcca4b1b06ae4bd2749e6e50a22223710
                                                                                                                                                                                                                                                    • Instruction ID: 42614966dc41fadb8b732b339a906eb66f42887bf1ecb440e9403310ff706f9c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 796c5e088a70a2d6dbe4bf470d6e6fcfcca4b1b06ae4bd2749e6e50a22223710
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E41D871500206EFEF149FA4EE89BAAB7A8FF44311F25405AE905E7155EBB0DD44CB70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00D9B7BA
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 00D9B7C5
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000002), ref: 00D9B7D0
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000003), ref: 00D9B7DE
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00D9B7EC
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00D9B7F7
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D9B803
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00D9B80F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1031845853-0
                                                                                                                                                                                                                                                    • Opcode ID: 58147512fd357164a5524cc859540935830fae1f0b80825aeedd6f6264844c3b
                                                                                                                                                                                                                                                    • Instruction ID: 5518111be0ee2528291b108d019abec54bdf073ab4e6c689151c801a4fbaeabf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58147512fd357164a5524cc859540935830fae1f0b80825aeedd6f6264844c3b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3FF04932940709AFE3106F73AE0DB367B60FB81B02F204566F602EA1D0DBB49509CF80
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 1128 ee3908-ee3914 1129 ee39a6-ee39a9 1128->1129 1130 ee39af 1129->1130 1131 ee3919-ee392a 1129->1131 1132 ee39b1-ee39b5 1130->1132 1133 ee392c-ee392f 1131->1133 1134 ee3937-ee3950 LoadLibraryExW 1131->1134 1135 ee39cf-ee39d1 1133->1135 1136 ee3935 1133->1136 1137 ee39b6-ee39c6 1134->1137 1138 ee3952-ee395b GetLastError 1134->1138 1135->1132 1140 ee39a3 1136->1140 1137->1135 1139 ee39c8-ee39c9 FreeLibrary 1137->1139 1141 ee395d-ee396f call edecee 1138->1141 1142 ee3994-ee39a1 1138->1142 1139->1135 1140->1129 1141->1142 1145 ee3971-ee3983 call edecee 1141->1145 1142->1140 1145->1142 1148 ee3985-ee3992 LoadLibraryExW 1145->1148 1148->1137 1148->1142
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,8AC7FD4E,?,00EE3A17,?,?,00000000), ref: 00EE39C9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                    • Opcode ID: 8ce54b84e7ec31623ccd25d76f5b0ef21ba703a8bd76ee4bacba3449e48e43b6
                                                                                                                                                                                                                                                    • Instruction ID: d7e791fe9bd78d3a52ac50765e6faee898d43f7556144acf80e2824f49f517f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ce54b84e7ec31623ccd25d76f5b0ef21ba703a8bd76ee4bacba3449e48e43b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6215E326012589BC722D7369C4CA6E7754DFC17A8F211110FD06B7296EB71EF00D6D1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    control_flow_graph 1149 d92090-d920fe RegCreateKeyW RegQueryValueExW FindCloseChangeNotification 1150 d92101-d9210a 1149->1150 1150->1150 1151 d9210c-d92113 1150->1151 1152 d92119-d92134 call ed28ad 1151->1152 1153 d921a6-d921b3 call ecbd31 1151->1153 1158 d921a5 1152->1158 1159 d92136-d92142 call ed282f 1152->1159 1158->1153 1162 d9218f-d921a3 call ed28ad 1159->1162 1163 d92144 1159->1163 1162->1158 1162->1159 1163->1162 1165 d92159-d9215e 1163->1165 1166 d9214b-d92150 1163->1166 1167 d9218a 1163->1167 1168 d9217c-d92181 1163->1168 1169 d9216e-d92173 1163->1169 1170 d92160-d92165 1163->1170 1171 d92183-d92188 1163->1171 1172 d92152-d92157 1163->1172 1173 d92175-d9217a 1163->1173 1174 d92167-d9216c 1163->1174 1165->1162 1166->1162 1167->1162 1168->1162 1169->1162 1170->1162 1171->1162 1172->1162 1173->1162 1174->1162
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!,?), ref: 00D920B4
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNELBASE(?,SettingV1,00000000,?,?,?), ref: 00D920E6
                                                                                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 00D920F2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!, xrefs: 00D920AA
                                                                                                                                                                                                                                                    • SettingV1, xrefs: 00D920DB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ChangeCloseCreateFindNotificationQueryValue
                                                                                                                                                                                                                                                    • String ID: SettingV1$Software\Microsoft\Windows\CurrentVersion\Uninstall\Fast!
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • VerSetConditionMask.KERNEL32(00000000,00000000,00000002,00000003,00000001,00000003,00000000,00F51228), ref: 00DC7A87
                                                                                                                                                                                                                                                    • VerSetConditionMask.KERNEL32(00000000), ref: 00DC7A8F
                                                                                                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(0000011C,00000003,00000000), ref: 00DC7AA0
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00001000), ref: 00DC7AB1
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: __EH_prolog3.LIBCMT ref: 00DC8227
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000016), ref: 00DC8230
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000F), ref: 00DC8243
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000015), ref: 00DC825A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000F), ref: 00DC8266
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetDeviceCaps.GDI32(?,0000000C), ref: 00DC828E
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000F), ref: 00DC829C
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000010), ref: 00DC82AA
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000015), ref: 00DC82B8
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000016), ref: 00DC82C6
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000014), ref: 00DC82D4
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000012), ref: 00DC82E2
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000011), ref: 00DC82F0
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000006), ref: 00DC82FB
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000D), ref: 00DC8306
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000E), ref: 00DC8311
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000005), ref: 00DC831C
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000008), ref: 00DC832A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000009), ref: 00DC8335
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000007), ref: 00DC8340
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000002), ref: 00DC834B
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(00000003), ref: 00DC8356
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000001B), ref: 00DC8364
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000001C), ref: 00DC8372
                                                                                                                                                                                                                                                      • Part of subcall function 00DC8220: GetSysColor.USER32(0000000A), ref: 00DC8380
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: __EH_prolog3_GS.LIBCMT ref: 00DC7CF9
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: GetDeviceCaps.GDI32(?,00000058), ref: 00DC7D19
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7D83
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7DA1
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7DBF
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7DDD
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7DFB
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7E19
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7CEF: DeleteObject.GDI32(00000000), ref: 00DC7E37
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: GetSystemMetrics.USER32(00000031), ref: 00DC7B1D
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: GetSystemMetrics.USER32(00000032), ref: 00DC7B2B
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: SetRectEmpty.USER32(00F51394), ref: 00DC7B3E
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: EnumDisplayMonitors.USER32(00000000,00000000,00DC79A7,00F51394), ref: 00DC7B4E
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: SystemParametersInfoW.USER32(00000030,00000000,00F51394,00000000), ref: 00DC7B5D
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: SystemParametersInfoW.USER32(00001002,00000000,00F513B8,00000000), ref: 00DC7B8A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: SystemParametersInfoW.USER32(00001012,00000000,00F513BC,00000000), ref: 00DC7B9E
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7B0F: SystemParametersInfoW.USER32(0000100A,00000000,00F513CC,00000000), ref: 00DC7BC4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$DeleteObjectSystem$Info$Parameters$Metrics$CapsConditionDeviceMask$DisplayEmptyEnumH_prolog3H_prolog3_MonitorsRectVerifyVersion
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,?,Function_001478F7,00000000,00000004,00000000), ref: 00ED7AA4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00D950F1,00D94F50,00000000,00000000), ref: 00ED7AB0
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00ED7AB7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2744730728-0
                                                                                                                                                                                                                                                    • Opcode ID: 91d2969d3e80dfea3855ed439d70fbbd8ecd4d187fb5be71d2936811edab1a81
                                                                                                                                                                                                                                                    • Instruction ID: e9e0ca78c5b5dff014a29a2f72d3fb42306d52e469fc71b30f274d574f05c609
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91d2969d3e80dfea3855ed439d70fbbd8ecd4d187fb5be71d2936811edab1a81
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C401DB72405304BFDB109F65DC05BAE7FA4DF807B5F20525AF551B22D0EB708A46D760
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNELBASE(?,8AC7FD4E), ref: 00D92748
                                                                                                                                                                                                                                                    • QueryDosDeviceW.KERNELBASE(?,?,00000103), ref: 00D9277D
                                                                                                                                                                                                                                                      • Part of subcall function 00D97320: FindResourceW.KERNEL32(00000000,?,00000006,00D99E47,?,?,00D97462,00000000,00000000,?,00000000,?,00000010,?,00D9C132,?), ref: 00D97338
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeviceDriveFindQueryResourceType
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2330459091-0
                                                                                                                                                                                                                                                    • Opcode ID: 4ee3113a1cbc94d839e71e8c90eaa20fcbc9f99c050c449836d659208a490dc7
                                                                                                                                                                                                                                                    • Instruction ID: dbab48f75ac7a33fbd57fa2c4d5bd22cd1e478650bd2a4531b8b07c293255a6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ee3113a1cbc94d839e71e8c90eaa20fcbc9f99c050c449836d659208a490dc7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75C1AC75900205ABDF24DF68DC89BAAB7F8EF45314F1841A9E806A7251EB34AE45CF70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1307 ed78f7-ed7908 call ecc630 1310 ed790a-ed7911 GetLastError ExitThread 1307->1310 1311 ed7917-ed792a call ee14aa call ee3eb7 1307->1311 1316 ed793c-ed794d 1311->1316 1317 ed792c-ed7939 call ee3d2c 1311->1317 1326 ed794d call d94040 1316->1326 1327 ed794d call d92bb0 1316->1327 1317->1316 1321 ed794f-ed796a call ed7aeb call edfbca 1326->1321 1327->1321
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00F45800,0000000C), ref: 00ED790A
                                                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 00ED7911
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1611280651-0
                                                                                                                                                                                                                                                    • Opcode ID: 2efafa7fe8b479a8bd88cec3eefc6f8628dbd8f04c89ffbbcf5c1464efa83843
                                                                                                                                                                                                                                                    • Instruction ID: 340393ddd9e047cb8fe5c9a9e681fa832971807d09477e6bb1031cd2375e22e4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2efafa7fe8b479a8bd88cec3eefc6f8628dbd8f04c89ffbbcf5c1464efa83843
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF08131A40608AFDB04AB70D90AB2E37B0EF84711F31905AF40577392DB715906CB91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 8ba3c0109d48bf7104657f4656f35ae218603da90480d0d56bd7402b6fd776cf
                                                                                                                                                                                                                                                    • Instruction ID: 81207d55957e3d9c1434db0b70f999d0064d69db972b281237ceda01f6511941
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ba3c0109d48bf7104657f4656f35ae218603da90480d0d56bd7402b6fd776cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E01493720025C6FDB02CE79EC4496A33E5ABD13643209134F90AE7095EB30D9459B81
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00D9BB43
                                                                                                                                                                                                                                                      • Part of subcall function 00D9B818: TlsAlloc.KERNEL32(00000010,00D9BB6F,00000004,00D9AD59,00D99031,00D9924E,00D9616E,?,?,?,?,8AC7FD4E,?,?,00000000,80070057), ref: 00D9B837
                                                                                                                                                                                                                                                      • Part of subcall function 00D9B818: InitializeCriticalSection.KERNEL32(00F4F2C0,?,?,?,8AC7FD4E,?,?,00000000,80070057), ref: 00D9B848
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2369468792-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00ED7BF2,00000000,?,00ED7BF2,00000000), ref: 00EE18C7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000029,?,?,00000000), ref: 00DC799D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3098949447-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DA0934
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteObject
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1531683806-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00DBA883
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00DBA8D4
                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 00DBA907
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,000000FF,?), ref: 00DBA926
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$Send$BeepState
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4005977132-0
                                                                                                                                                                                                                                                    • Opcode ID: c0191337e68ed89f334aab22885522ccbf436d4fe7a1973cbb60f9a71b649089
                                                                                                                                                                                                                                                    • Instruction ID: bd192483a7c9db88f3c83367d89bc8622e149ea002e7d523ef869ce5ce8709b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0191337e68ed89f334aab22885522ccbf436d4fe7a1973cbb60f9a71b649089
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DED11875A00208FFCF21DBA8C998EEEBBB9FB44310F240656F552E2190D731AA44DB71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00D9E927
                                                                                                                                                                                                                                                    • PathIsUNCW.SHLWAPI(?,?,?), ref: 00D9E9D7
                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D9E9FB
                                                                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000104,?,?,00000268,00D9E13A,?,?,00000000), ref: 00D9E95A
                                                                                                                                                                                                                                                      • Part of subcall function 00D9E8DB: GetLastError.KERNEL32(?,?,?,00D9EA0C,?,?), ref: 00D9E8E7
                                                                                                                                                                                                                                                      • Part of subcall function 00D9E1B3: PathStripToRootW.SHLWAPI(00000000), ref: 00D9E1E7
                                                                                                                                                                                                                                                    • CharUpperW.USER32(?), ref: 00D9EA29
                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D9EA41
                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D9EA4D
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Path$Find$CharCloseErrorFileFirstFullH_prolog3_InformationLastNameRootStripUpperVolume
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2323451338-0
                                                                                                                                                                                                                                                    • Opcode ID: 03fc6ecb4545244dd3a88340efeddf1795b83cf44f739e0cdd94fcf028ec9621
                                                                                                                                                                                                                                                    • Instruction ID: 296c5b885c272ccbc30cca1dcdb935dc1ca8a9bd1ec409be2534f03732c8706d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03fc6ecb4545244dd3a88340efeddf1795b83cf44f739e0cdd94fcf028ec9621
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89417F70914215AFEF24EB65CD89ABEB36DFF40300F244699F459A2161EB31AE85CA70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 719b34867d7d851a6ee3886bc2085a474a7f9877c264c83752702755200aaef7
                                                                                                                                                                                                                                                    • Instruction ID: a84014c3fe1a62498bee71d7440bc2fac6cbacaa83f894cd223d7916e3efca4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 719b34867d7d851a6ee3886bc2085a474a7f9877c264c83752702755200aaef7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0022B71E0121A9BDF14CFA9C9806AEFBF1FF48354F25926AD919B7340D731A942CB90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,00000006,00D99E47,?,?,00D97462,00000000,00000000,?,00000000,?,00000010,?,00D9C132,?), ref: 00D97338
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,00000000,?,00D97462,00000000,00000000,?,00000000,?,00000010,?,00D9C132,?,00000004,00D9C10B), ref: 00D9734C
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$FindLoad
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2619053042-0
                                                                                                                                                                                                                                                    • Opcode ID: 569e3950edf7d055ec59685f0f6d0e711953e7a678917e262839295419e706d3
                                                                                                                                                                                                                                                    • Instruction ID: 690fdebd5dd2ab2d67ca193f164130ddde5f38f5fd7c9ccdeb69ac5881e76b6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 569e3950edf7d055ec59685f0f6d0e711953e7a678917e262839295419e706d3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F601D633B15229AFCF201FAAAC444BAB39CEB847A67258427FD5DD7200D671EC0497A0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup), ref: 00D9954D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D99584
                                                                                                                                                                                                                                                      • Part of subcall function 00D99658: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00D99708
                                                                                                                                                                                                                                                      • Part of subcall function 00D99658: SetLastError.KERNEL32(0000006F), ref: 00D9971C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • IsolationAware function called after IsolationAwareCleanup, xrefs: 00D99548
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$DebugFileModuleNameOutputString
                                                                                                                                                                                                                                                    • String ID: IsolationAware function called after IsolationAwareCleanup
                                                                                                                                                                                                                                                    • API String ID: 3265401609-2690750368
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00EE3694,00000000,00000000,00000000), ref: 00EE3553
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InformationTimeZone
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 565725191-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,WINDOW,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC86C
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TOOLBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC88B
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,BUTTON,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC8AA
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,STATUS,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC8C9
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,REBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC8E8
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,COMBOBOX,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC907
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,PROGRESS,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC926
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,HEADER,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC945
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,SCROLLBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC964
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,EXPLORERBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC983
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TREEVIEW,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC9A2
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,STARTPANEL,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC9C1
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TASKBAND,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC9E0
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TASKBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDC9FF
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,SPIN,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDCA1E
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TAB,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDCA3D
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TOOLTIP,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDCA5C
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,TRACKBAR,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDCA7B
                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(00000000,MENU,?,?,00DD461D,?,00DD466C,00000004,00DB1F31,00000000,00000004,00DB1DB5), ref: 00DDCA96
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DataOpenTheme
                                                                                                                                                                                                                                                    • String ID: BUTTON$COMBOBOX$EXPLORERBAR$HEADER$MENU$PROGRESS$REBAR$SCROLLBAR$SPIN$STARTPANEL$STATUS$TAB$TASKBAND$TASKBAR$TOOLBAR$TOOLTIP$TRACKBAR$TREEVIEW$WINDOW
                                                                                                                                                                                                                                                    • API String ID: 1744092376-1233129369
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DCC17E
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00EFFDCC,00000000,00F05F24,00000000,00F2EE68,00000000,?,00000A88,00DCD404,?,00000000,00000038,00DCC0BA), ref: 00DCC21D
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00F2EE68,00000000,?,00000A88,00DCD404,?,00000000,00000038,00DCC0BA), ref: 00DCC2D0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateH_prolog3_ModuleName
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3408945735-3916222277
                                                                                                                                                                                                                                                    • Opcode ID: 07dba13bed4e11f63d558ba899867d669ec4627d4306a8eca7aadd626e530175
                                                                                                                                                                                                                                                    • Instruction ID: ba81121839c795b38c39cb24490317a3dad39ec98f7c36afdf1278f34cde1f8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07dba13bed4e11f63d558ba899867d669ec4627d4306a8eca7aadd626e530175
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6EC17072A10219AEDF209F60DC45FBA77B8EF49310F2440A9FA09A3591DB709E85CF71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC973B
                                                                                                                                                                                                                                                    • CopyImage.USER32 ref: 00DC9771
                                                                                                                                                                                                                                                      • Part of subcall function 00DCCDD4: __EH_prolog3_GS.LIBCMT ref: 00DCCDDE
                                                                                                                                                                                                                                                      • Part of subcall function 00DCCDD4: GetObjectW.GDI32(?,00000018,?), ref: 00DCCE00
                                                                                                                                                                                                                                                      • Part of subcall function 00DCCDD4: GetObjectW.GDI32(?,00000054,?), ref: 00DCCE45
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DC97AB
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DC9828
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00DC9856
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DC9872
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DC98BC
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC98DF
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC9916
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00DC993C
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DC9957
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00DC9987
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC99A5
                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00DC99E4
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC99F9
                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00DC9A2F
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC9A41
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DC9A52
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DC9A63
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DC9AAB
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DC9AC3
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DC9AD4
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DC9AE0
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Select$Delete$CompatibleCreate$H_prolog3_$BitmapCopyImage
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1780083495-0
                                                                                                                                                                                                                                                    • Opcode ID: fe3a734380f9d71ccec552a347dd6c3c86efb6f27ea6a5a348b38456996e58ce
                                                                                                                                                                                                                                                    • Instruction ID: afb288cc97053b802f405ac613a225f6f23a2e1f5df6f8ef20de3c725facffe2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe3a734380f9d71ccec552a347dd6c3c86efb6f27ea6a5a348b38456996e58ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54A1F87190162AEFDB219F61CD58BEABBB8FF48311F144198E549A3160DB309E94DFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,00DD4897), ref: 00DD49E3
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,00DD4897), ref: 00DD49F2
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,00DD4897), ref: 00DD4A01
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,00DD4897), ref: 00DD4A10
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,00DD4897), ref: 00DD4A1F
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?,?,?,?,00DD4897), ref: 00DD4A2E
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,00DD4897), ref: 00DD4A3D
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?,?,?,?,?,?,00DD4897), ref: 00DD4A4C
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,00DD4897), ref: 00DD4A5B
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4A6A
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4A79
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?,?,?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4A88
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4A97
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?,?,?,?,?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4AA6
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00DD4897), ref: 00DD4AB5
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000), ref: 00DD4AC4
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000), ref: 00DD4AD3
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?), ref: 00DD4AE2
                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000), ref: 00DD4AF1
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseDataTheme
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2797872399-0
                                                                                                                                                                                                                                                    • Opcode ID: da8776b35e9b43682e7f22ae507ff8899055878e2a7f96c7c3166c5544388024
                                                                                                                                                                                                                                                    • Instruction ID: 4d461e3b50bea8582682dce1a260991f9523b119566e8a23c1c2910eaaee598a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da8776b35e9b43682e7f22ae507ff8899055878e2a7f96c7c3166c5544388024
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1631FC30040A44CFE7395F16DA0C766BAF3BF8070AF685929E08661CB0D771B888CF15
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00003020), ref: 00DAE54B
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00003020), ref: 00DAE576
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00DAE591
                                                                                                                                                                                                                                                    • MapDialogRect.USER32(?,?), ref: 00DAE5B9
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,00000020,00000016), ref: 00DAE5E3
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00DAE5F4
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00DAE606
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000015), ref: 00DAE62A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DAE63F
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DAE6A2
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00DAE6B9
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00DAE6C8
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00DAE6F1
                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 00DAE700
                                                                                                                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 00DAE709
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Rect$Item$DialogEnableShow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 763981185-3916222277
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC3380
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DC33D1
                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,0000004E), ref: 00DC3406
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00DC346D
                                                                                                                                                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 00DC3496
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DC34C4
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00DC3514
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientCreateDesktopFolderH_prolog3_MenuParentPopupScreen
                                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                                    • API String ID: 2088741424-3993045852
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00E477E4
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00E478A8
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E478DC
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E47903
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E47921
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E4794C
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00E4797C
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00E479CA
                                                                                                                                                                                                                                                    • OffsetRect.USER32(?,?,00000000), ref: 00E479DF
                                                                                                                                                                                                                                                      • Part of subcall function 00E75C5A: __EH_prolog3.LIBCMT ref: 00E75C61
                                                                                                                                                                                                                                                      • Part of subcall function 00E75C5A: SetRectEmpty.USER32 ref: 00E75D61
                                                                                                                                                                                                                                                      • Part of subcall function 00E75C5A: SetRectEmpty.USER32(?), ref: 00E75D68
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00E47A06
                                                                                                                                                                                                                                                    • OffsetRect.USER32(?,?,?), ref: 00E47B9F
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E47BBF
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E47BF6
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,00000000), ref: 00E47C0A
                                                                                                                                                                                                                                                    • OffsetRect.USER32(?,00000000,?), ref: 00E47C31
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E47C4C
                                                                                                                                                                                                                                                      • Part of subcall function 00E47629: SetRectEmpty.USER32(?), ref: 00E4767D
                                                                                                                                                                                                                                                      • Part of subcall function 00E47629: IsRectEmpty.USER32(?), ref: 00E47687
                                                                                                                                                                                                                                                      • Part of subcall function 00E47629: SetRectEmpty.USER32(?), ref: 00E476E3
                                                                                                                                                                                                                                                      • Part of subcall function 00E47629: SetRectEmpty.USER32(00000001), ref: 00E476EC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Empty$Offset$Window$CursorH_prolog3H_prolog3_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 359163869-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DCC9B6
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00DCC9E4
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DCC9FD
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DCCA19
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00DCCA3A
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DCCA4B
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00DCCA65
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DCCA7A
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DCCA8B
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DCCA94
                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,000000FF,?,?,00000000,00000000,00CC0020), ref: 00DCCAB4
                                                                                                                                                                                                                                                    • GetPixel.GDI32(?,?,00000000), ref: 00DCCADA
                                                                                                                                                                                                                                                    • SetPixel.GDI32(?,?,00000000,00000000), ref: 00DCCB21
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DCCB48
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DCCB52
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DCCB5A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Select$CompatibleCreate$DeletePixel$BitmapH_prolog3
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3639146769-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DB56A2
                                                                                                                                                                                                                                                    • GetIconInfo.USER32(?,?), ref: 00DB5743
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DB5752
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00DB5781
                                                                                                                                                                                                                                                    • CopyImage.USER32(?,00000000,00000000,00000000,00002000), ref: 00DB579D
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DB57B2
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 00DB57F5
                                                                                                                                                                                                                                                    • DrawIconEx.USER32(?,00000000,00000000,?,?,?,00000000,00000000,00000003), ref: 00DB5816
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00DB5827
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DB5830
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DB5845
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DB584E
                                                                                                                                                                                                                                                    • DestroyCursor.USER32(?), ref: 00DB58A1
                                                                                                                                                                                                                                                    • DestroyCursor.USER32(?), ref: 00DB58AE
                                                                                                                                                                                                                                                    • DestroyCursor.USER32(?), ref: 00DB58B9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$CursorDeleteDestroy$IconSelect$CompatibleCopyCreateDrawFillH_prolog3_ImageInfoRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 233185908-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB14A1
                                                                                                                                                                                                                                                      • Part of subcall function 00DB382D: __EH_prolog3.LIBCMT ref: 00DB3834
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                    • String ID: MFCButton$MFCColorButton$MFCEditBrowse$MFCFontComboBox$MFCLink$MFCMaskedEdit$MFCMenuButton$MFCPropertyGrid$MFCShellList$MFCShellTree$MFCVSListBox
                                                                                                                                                                                                                                                    • API String ID: 431132790-2110171958
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB45C
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB47E
                                                                                                                                                                                                                                                    • IntersectRect.USER32(?,?,?), ref: 00DCB4F6
                                                                                                                                                                                                                                                    • IntersectRect.USER32(?,?,?), ref: 00DCB59A
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB5D8
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB5EA
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?), ref: 00DCB607
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB620
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DCB63F
                                                                                                                                                                                                                                                    • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,?,?), ref: 00DCB6B1
                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,00CC0020), ref: 00DCB6F9
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?), ref: 00DCB70B
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DCB78A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Empty$IntersectObjectSelect$AlphaBlendStretch
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3434778532-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RealizePalette.GDI32(?), ref: 00DB62D8
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00DB63DA
                                                                                                                                                                                                                                                      • Part of subcall function 00DB6A87: __EH_prolog3.LIBCMT ref: 00DB6A8E
                                                                                                                                                                                                                                                      • Part of subcall function 00DB6A87: GetSystemPaletteEntries.GDI32(?,00000000,00000100,00000004), ref: 00DB6B05
                                                                                                                                                                                                                                                      • Part of subcall function 00DB6A87: CreatePalette.GDI32(00000000), ref: 00DB6B52
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB6405
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB6430
                                                                                                                                                                                                                                                    • GetNearestPaletteIndex.GDI32(?,?), ref: 00DB645F
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 00DB6481
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00DB64A8
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,-00000098), ref: 00DB6522
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB656F
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB663D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Inflate$Palette$Fill$CreateEntriesH_prolog3IndexNearestRealizeSystem
                                                                                                                                                                                                                                                    • String ID: `
                                                                                                                                                                                                                                                    • API String ID: 1028858568-4168407445
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DBCAE1
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(?,00007904), ref: 00DBCB07
                                                                                                                                                                                                                                                    • LoadCursorW.USER32(?,00007905), ref: 00DBCB3A
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120A,00000000,00000006), ref: 00DBCB9A
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120A,00000001,00000006), ref: 00DBCBD0
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000001,00000000), ref: 00DBCC2B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000418,00000000,?), ref: 00DBCC59
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DBCC95
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$CursorLoad$EmptyParentRect
                                                                                                                                                                                                                                                    • String ID: Property$Value$d
                                                                                                                                                                                                                                                    • API String ID: 2284761715-1409410049
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCapture.USER32 ref: 00DBE8BC
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DBE8C6
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DBE8E0
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00DBE901
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00DBE929
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 00DBE969
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 00DBE99D
                                                                                                                                                                                                                                                    • GetCapture.USER32 ref: 00DBE9C5
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DBE9CF
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DBE9E9
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00DBEA3F
                                                                                                                                                                                                                                                      • Part of subcall function 00DC0775: __EH_prolog3_GS.LIBCMT ref: 00DC077C
                                                                                                                                                                                                                                                      • Part of subcall function 00DC0775: IsRectEmpty.USER32(?), ref: 00DC0797
                                                                                                                                                                                                                                                      • Part of subcall function 00DC0775: InvertRect.USER32(?,?), ref: 00DC07AD
                                                                                                                                                                                                                                                      • Part of subcall function 00DC0775: SetRectEmpty.USER32(?), ref: 00DC07BA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Capture$ClientEmptyMessageMetricsReleaseSendSystem$H_prolog3_InvertRedrawWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 174338775-0
                                                                                                                                                                                                                                                    • Opcode ID: 17cb1803f752decdc3ae3afa53cf8641e196586e026539683046c884bd127dd5
                                                                                                                                                                                                                                                    • Instruction ID: 0f309a206f8e2b580a4fb85993619824befdce3428abcc71ea02c12471d2f9a6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17cb1803f752decdc3ae3afa53cf8641e196586e026539683046c884bd127dd5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28514871A00619EFCB05DF69C989AEDBBB5FF88300F244169E416F7290DB706A08CF91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d05b50884eb2537801696d59e7899457f53f9fde14d3e12a583ac58e087067c9
                                                                                                                                                                                                                                                    • Instruction ID: 4a867b89c819fe0fa71d81348004a9267952916f7b406a9c201f6a5f797d8420
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d05b50884eb2537801696d59e7899457f53f9fde14d3e12a583ac58e087067c9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27028B35A00619DFCB15CF6ED8809BEB7B6FF8A310F258158E955AB321D731AC45CBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DBA0A0
                                                                                                                                                                                                                                                      • Part of subcall function 00D9CFA6: GetWindowLongW.USER32(?,000000F0), ref: 00D9CFB3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00DBA0E3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00DBA224
                                                                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00DBA288
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00DBA2A3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,00000000), ref: 00DBA1E4
                                                                                                                                                                                                                                                      • Part of subcall function 00DBB097: SendMessageW.USER32(?,000000B1,0000002E,000000FF), ref: 00DBB0AB
                                                                                                                                                                                                                                                      • Part of subcall function 00DBB097: SendMessageW.USER32(?,000000B7,00000000,00000000), ref: 00DBB0C3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$Send$BeepH_prolog3LongWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 29510489-0
                                                                                                                                                                                                                                                    • Opcode ID: a252988ea37fea4f37b92029288a731e1e2cc075afda4c871321c0aec6d674c8
                                                                                                                                                                                                                                                    • Instruction ID: 24585690eac72afe3f5be5b2d9fd30e5f34d44c6c018f7944c31f23022c2b205
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a252988ea37fea4f37b92029288a731e1e2cc075afda4c871321c0aec6d674c8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54C14771A0011AEFCF14EBA8C995AFEB7B9FF48310F14411AF912B7291DB71A9018B71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E4203F
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00E42096
                                                                                                                                                                                                                                                    • CopyRect.USER32(00000000,?), ref: 00E420AE
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E4219C
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E421CD
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E42209
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E42237
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E42297
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E422D4
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,00000000,?), ref: 00E4231B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$CopyParentWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 642869531-0
                                                                                                                                                                                                                                                    • Opcode ID: 1f636f66f433d1db5264fb6b2a95e479b39b59d0384dc6b64c6434aa6f75eaaf
                                                                                                                                                                                                                                                    • Instruction ID: 45c867de07ee782569f835eda8a380aa6d8ccce376c4f433f7dc13d0a9eaf1b2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f636f66f433d1db5264fb6b2a95e479b39b59d0384dc6b64c6434aa6f75eaaf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92B1E272E002199FCF11CFA8D948AEEBBF5AF48304F64516AEA09F3250D7759A44CF90
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC077C
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: __EH_prolog3.LIBCMT ref: 00D9FC2C
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: GetDC.USER32(00000000), ref: 00D9FC58
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DC0797
                                                                                                                                                                                                                                                    • InvertRect.USER32(?,?), ref: 00DC07AD
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DC07BA
                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,00000000), ref: 00DC0807
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00DC0825
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00DC084B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 00DC088C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 00DC08BC
                                                                                                                                                                                                                                                    • InvertRect.USER32(?,?), ref: 00DC08C8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$EmptyInvertMessageMetricsSendSystem$ClientH_prolog3H_prolog3_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3401445556-0
                                                                                                                                                                                                                                                    • Opcode ID: 2b19fdfc3d5199a44fedc9f7c5447779cb6991da381a4138e347a7cb46458640
                                                                                                                                                                                                                                                    • Instruction ID: 63bbc243dc5c589dccea566d1f21e4649cc6105534662c6fc0c9b6f9c0272e9c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b19fdfc3d5199a44fedc9f7c5447779cb6991da381a4138e347a7cb46458640
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0414832800618DFDF05DFA4CA49BAD7BB5FF84301F254069E905BB1A5DB716A48CFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000104B,00000000,?), ref: 00DC1581
                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00DC163D
                                                                                                                                                                                                                                                    • GetMenuDefaultItem.USER32(?,00000000,00000000), ref: 00DC167C
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DC16A6
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DC16FA
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DC170D
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00DC1727
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Parent$MenuMessageSend$CreateDefaultItemPopup
                                                                                                                                                                                                                                                    • String ID: $
                                                                                                                                                                                                                                                    • API String ID: 3883924376-3993045852
                                                                                                                                                                                                                                                    • Opcode ID: 09661b6cb85300dc2f5f5a309799c46c52f2838ad8cd878882bab36b260c4868
                                                                                                                                                                                                                                                    • Instruction ID: 111b96c1e3ec2ce76c073850b6421aef53cf30ac049391c5e75681c6ec7c259a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09661b6cb85300dc2f5f5a309799c46c52f2838ad8cd878882bab36b260c4868
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA517B75A00229EFDB119FA5DD48FADBBB9EF49700F244069E905B72A1E770A901CF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(Comctl32.dll), ref: 00D997EE
                                                                                                                                                                                                                                                      • Part of subcall function 00D995B4: GetProcAddress.KERNEL32(?,?), ref: 00D995E2
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00D99708
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(0000006F), ref: 00D9971C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D99773
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                                                                                                                                                                                                                                    • String ID: $@$Comctl32.dll$GetModuleHandleExW
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 00D92220
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D922FB
                                                                                                                                                                                                                                                    • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00D92313
                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 00D92327
                                                                                                                                                                                                                                                    • RegSetValueW.ADVAPI32(?,00F2EE74,00000001,?,?), ref: 00D92359
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D92365
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • 9AC52742-8547-84D6-5349-ECEC87A66D67, xrefs: 00D922F0
                                                                                                                                                                                                                                                    • SOFTWARE\Classes\CLSID\{%ws}, xrefs: 00D922F5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: wsprintf$CloseCount64CreateHandleTickValue
                                                                                                                                                                                                                                                    • String ID: 9AC52742-8547-84D6-5349-ECEC87A66D67$SOFTWARE\Classes\CLSID\{%ws}
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29C6
                                                                                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00DA29EE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeDirectoryEncodeHandleModuleProcSystem
                                                                                                                                                                                                                                                    • String ID: SetDefaultDllDirectories$\$kernel32.dll
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00DB2AE5
                                                                                                                                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 00DB2AF1
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,0000005C,?), ref: 00DB2B02
                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00DB2B11
                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DB2B28
                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000048,00000000), ref: 00DB2B34
                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00DB2B40
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                                                                                                                                    • String ID: System
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00E750FC
                                                                                                                                                                                                                                                      • Part of subcall function 00D9C69C: EnterCriticalSection.KERNEL32(00F4F478,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6CD
                                                                                                                                                                                                                                                      • Part of subcall function 00D9C69C: InitializeCriticalSection.KERNEL32(00000000,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6E3
                                                                                                                                                                                                                                                      • Part of subcall function 00D9C69C: LeaveCriticalSection.KERNEL32(00F4F478,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6F1
                                                                                                                                                                                                                                                      • Part of subcall function 00D9C69C: EnterCriticalSection.KERNEL32(00000000,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6FE
                                                                                                                                                                                                                                                    • GetProfileIntW.KERNEL32(windows,DragScrollInset,0000000B), ref: 00E75147
                                                                                                                                                                                                                                                    • GetProfileIntW.KERNEL32(windows,DragScrollDelay,00000032), ref: 00E7515A
                                                                                                                                                                                                                                                    • GetProfileIntW.KERNEL32(windows,DragScrollInterval,00000032), ref: 00E7516D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Profile$Enter$H_prolog3InitializeLeave
                                                                                                                                                                                                                                                    • String ID: DragScrollDelay$DragScrollInset$DragScrollInterval$windows
                                                                                                                                                                                                                                                    • API String ID: 4229786687-1024936294
                                                                                                                                                                                                                                                    • Opcode ID: 538d4b58ab3d1bc6c6d45daf6736d3e7e2715d1041583bb13777771705c4742e
                                                                                                                                                                                                                                                    • Instruction ID: 3c776a3eaf3e201739388f671464c4b0b724ca2691aa9509978ac75e2875c957
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 538d4b58ab3d1bc6c6d45daf6736d3e7e2715d1041583bb13777771705c4742e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F401B1B1582304AFCBA0DF349A067697AF0BB46B84F54561DB204B6792CBB44542EB15
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB9872
                                                                                                                                                                                                                                                    • SendMessageW.USER32(000000FF,000000B0,000000FF,?), ref: 00DB988C
                                                                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00DB9ABE
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000001,000000C2,00000001,00000001), ref: 00DB9A7C
                                                                                                                                                                                                                                                      • Part of subcall function 00DAF22D: CoInitialize.OLE32(00000000), ref: 00DAF27D
                                                                                                                                                                                                                                                      • Part of subcall function 00DAF22D: CoCreateInstance.OLE32(00F2DE80,00000000,00000001,00F00B80,?,?,?,?,80070057), ref: 00DAF29F
                                                                                                                                                                                                                                                    • MessageBeep.USER32(000000FF), ref: 00DB9C80
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Message$BeepSend$CreateH_prolog3InitializeInstance
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1592277836-0
                                                                                                                                                                                                                                                    • Opcode ID: 61882a1aafa901eaf7e3ff6ac772a94ce5530acddc79727d720437fab756b963
                                                                                                                                                                                                                                                    • Instruction ID: ac2124f201a13848aa97a3faf906412c8bb725d5eeb641e091997b2372b05b70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61882a1aafa901eaf7e3ff6ac772a94ce5530acddc79727d720437fab756b963
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97D14871A00159DBCF04DBA4C995EFEBBB9FF48310F24416AEA12B7285DB30A944CB71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DC0111
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00DC016D
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00DC017C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Invalidate$Empty
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1126320529-0
                                                                                                                                                                                                                                                    • Opcode ID: 53202226c8e515f4774bedbd2082fd7005a1fb70d3b0afbf6591177ef9affc2a
                                                                                                                                                                                                                                                    • Instruction ID: 7f22efa821b1eebf574bae9e5d4ca2221775903a5316429cddfd045551eb7373
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53202226c8e515f4774bedbd2082fd7005a1fb70d3b0afbf6591177ef9affc2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55812935A00219DFCF05CF65C988AADBBB5FF88314F294069E805BB250DB71AE45CFA1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00D97E56,00D97E58,00000000,00000000,8AC7FD4E,00000000,00000000,?,Function_0013E8D0,00F45618,000000FE,?,00D97E56,WQL), ref: 00ECD149
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00D97E56,?,00000000,00000000,?,Function_0013E8D0,00F45618,000000FE,?,00D97E56), ref: 00ECD1C4
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00ECD1CF
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00ECD1F8
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00ECD202
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(80070057,8AC7FD4E,00000000,00000000,?,Function_0013E8D0,00F45618,000000FE,?,00D97E56,WQL), ref: 00ECD207
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00ECD21A
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,Function_0013E8D0,00F45618,000000FE,?,00D97E56,WQL), ref: 00ECD230
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00ECD243
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1353541977-0
                                                                                                                                                                                                                                                    • Opcode ID: 86f64a74f2bdd5d788b0b6c5e6c8d3842d67a1a305788f420c75ed9fde37899f
                                                                                                                                                                                                                                                    • Instruction ID: 3d8cf0c9aa79d590562776ed2902d02de123f874b79f08e3a165dc5cc781ec91
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 86f64a74f2bdd5d788b0b6c5e6c8d3842d67a1a305788f420c75ed9fde37899f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941F5B1A04209ABC7109FA9DD45FAEBBE9EB44714F24523DF419F7281D7379802C7A0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB3AAE
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB3B46
                                                                                                                                                                                                                                                    • GetNextDlgGroupItem.USER32(?,00000000,00000000), ref: 00DB3B69
                                                                                                                                                                                                                                                    • GetNextDlgGroupItem.USER32(?,?,?), ref: 00DB3BC6
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00DB3BF4
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F4), ref: 00DB3C07
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB3C16
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000111,?,?), ref: 00DB3C33
                                                                                                                                                                                                                                                      • Part of subcall function 00D9CFA6: GetWindowLongW.USER32(?,000000F0), ref: 00D9CFB3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: GroupItemLongMessageNextParentSendWindow$H_prolog3
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 212963440-0
                                                                                                                                                                                                                                                    • Opcode ID: d4943317f52e78cfa2340cd94c4e420355d48d89e95057c20f96cdf33bc408cf
                                                                                                                                                                                                                                                    • Instruction ID: ded862208d39c23570c71cf12b3f8336ed8ce9aa3ee3d9d3e96aa36c61ec04c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4943317f52e78cfa2340cd94c4e420355d48d89e95057c20f96cdf33bc408cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62419672A00218EFCF25ABB5CD45EBE7AA9FF44700B280529F547E7151DA30CA04EB70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00EB1A7F
                                                                                                                                                                                                                                                    • EqualRect.USER32(?,?), ref: 00EB1A9B
                                                                                                                                                                                                                                                    • EqualRect.USER32(?,?), ref: 00EB1AB0
                                                                                                                                                                                                                                                    • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 00EB1AF9
                                                                                                                                                                                                                                                    • CreateRectRgn.GDI32(?,00000000,?,?), ref: 00EB1B2D
                                                                                                                                                                                                                                                    • CreateRectRgnIndirect.GDI32(?), ref: 00EB1B39
                                                                                                                                                                                                                                                    • CombineRgn.GDI32(?,?,?,00000002), ref: 00EB1B53
                                                                                                                                                                                                                                                    • SetWindowRgn.USER32(?,?,00000000), ref: 00EB1B60
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00EB1BDC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Create$EqualWindow$CombineH_prolog3IndirectRedraw
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1583790776-0
                                                                                                                                                                                                                                                    • Opcode ID: 6df5eccdd403fd49382ab758e296d6783e2e5904a96338af23a11a62d36aa506
                                                                                                                                                                                                                                                    • Instruction ID: 4f1474ccae53ea741177c20afe5abc89ef4bc66afaf439e11abc75a54091768f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6df5eccdd403fd49382ab758e296d6783e2e5904a96338af23a11a62d36aa506
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A41287150020AEFCF05DFA4C999EEF7B75FF45300F508168F909AA151DB70A959CBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DA31CB
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000000,00000000,00000080), ref: 00DA3212
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000000,00000000,?), ref: 00DA323E
                                                                                                                                                                                                                                                    • ValidateRect.USER32(?,00000000), ref: 00DA3251
                                                                                                                                                                                                                                                      • Part of subcall function 00DAAD06: GetClientRect.USER32(?,?), ref: 00DAAD70
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DA32C9
                                                                                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00DA32D6
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000000,00000000,?), ref: 00DA330C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000000,00000000), ref: 00DA332E
                                                                                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00DA3346
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Rect$ClientPaint$BeginH_prolog3_Validate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3883544035-0
                                                                                                                                                                                                                                                    • Opcode ID: bc710a07f7c71cb8f8547b28e174cbbbb1d6ff81d88ad9fb3885d37f6e702fdb
                                                                                                                                                                                                                                                    • Instruction ID: d86c9a0c9646ea8bd1087952875b33e4596d1177cae6434b57d02f622059aec6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc710a07f7c71cb8f8547b28e174cbbbb1d6ff81d88ad9fb3885d37f6e702fdb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97416071900609EFCF21AF71DD95A6EBAB6FF89300F14452EF156A2161DB30AA04DF30
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00D98873
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00D988B9
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00D988C5
                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,-00000001), ref: 00D988DC
                                                                                                                                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00D988EF
                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 00D98900
                                                                                                                                                                                                                                                    • RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,?,?,8AC7FD4E,00F386F0,0000000C,00000004,00D97AF8,?), ref: 00D9891A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Menu$CountItem$H_prolog3Remove
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3061525546-0
                                                                                                                                                                                                                                                    • Opcode ID: 2917b4881fb4515c57e0ef9c8c49ae38ccba83b96f8b17c90bd2131d7116ffa0
                                                                                                                                                                                                                                                    • Instruction ID: bf3c3b7fc33eefe30331d80431c7ad8dc3cd4d9753861ebf048e452755c8b7c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2917b4881fb4515c57e0ef9c8c49ae38ccba83b96f8b17c90bd2131d7116ffa0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32219F71500209BFCF109FB5DD09AAE7BA8FB82750F244529F505A6190CB70DA45EF61
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,00000000,00000000,?,?,00DCC66D,00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC685
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,00DCC66D,00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC69A
                                                                                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,00000000,00000000), ref: 00DCC6BE
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00F51440), ref: 00DCC6D9
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F51440,00000000), ref: 00DCC749
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00DCC750
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00DCC757
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,00DCC66D,00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC763
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00DCC76A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$CriticalFreeSectionUnlock$AllocCreateEnterLeaveLockStream
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3041472133-0
                                                                                                                                                                                                                                                    • Opcode ID: 4cfd0b61bde219243a815343db21b9fad18739dc72c5af341ff4cdcbef82d07d
                                                                                                                                                                                                                                                    • Instruction ID: f66a57bc0e369d093261cdacc31844c9a99f56ea5bebfec8bf1614e8d640b5d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cfd0b61bde219243a815343db21b9fad18739dc72c5af341ff4cdcbef82d07d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4221B43560020AAFDB01ABA5DD89FBD37A8EB85B52B24501DF605E31A1DB70DC44DB31
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00DAEA6B
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00DAEA7A
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00DAEA88
                                                                                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 00DAEA9E
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00DAEAA9
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00DAEAB7
                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00DAEAD5
                                                                                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 00DAEADC
                                                                                                                                                                                                                                                    • SetFocus.USER32(00000000), ref: 00DAEAE7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Enabled$FocusItemLong
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1558694495-0
                                                                                                                                                                                                                                                    • Opcode ID: dca24c750f966d5a806893060fa64ce71cd2f0666d6834ad977003f88a65030b
                                                                                                                                                                                                                                                    • Instruction ID: 749cb5e87d181bc0c9e98e916313472df17229c7b353513c611b1d948f788014
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dca24c750f966d5a806893060fa64ce71cd2f0666d6834ad977003f88a65030b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4111B231200229AFDB116F76ED48B7E7B69FF86365F385116F805A22B0DB318C14DEA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00DCBAEF: GdipGetImagePixelFormat.GDIPLUS(?,?,00000000,00000000,?,00DCA654,8AC7FD4E,00000000,00000000,?), ref: 00DCBAFD
                                                                                                                                                                                                                                                      • Part of subcall function 00DCBAA7: GdipGetImagePalette.GDIPLUS(?,00000000,00000000,?,?,00DCA773,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,8AC7FD4E), ref: 00DCBAB6
                                                                                                                                                                                                                                                    • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,00000000,00000000,00000000,?,00000000,00000000,00000000,8AC7FD4E,00000000,00000000,?), ref: 00DCA868
                                                                                                                                                                                                                                                    • GdipBitmapUnlockBits.GDIPLUS(?,00000000,?,?,00000001,?,00000000,00000000,00000000,?,00000000,00000000,00000000,8AC7FD4E,00000000,00000000), ref: 00DCA918
                                                                                                                                                                                                                                                    • GdipDrawImageI.GDIPLUS(?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00DCA96A
                                                                                                                                                                                                                                                    • GdipDeleteGraphics.GDIPLUS(?,?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000,00000000), ref: 00DCA975
                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(?,?,?,00000000,00000000,00000000,?,?,00000082,?,00022009,00000000,00000000,00000000,?,00000000), ref: 00DCA980
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Gdip$Image$BitmapBits$DeleteDisposeDrawFormatGraphicsLockPalettePixelUnlock
                                                                                                                                                                                                                                                    • String ID: &$ &
                                                                                                                                                                                                                                                    • API String ID: 1665940520-360661826
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 00DA43E0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetGestureInfo), ref: 00DA4415
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseGestureInfoHandle), ref: 00DA443D
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DA44CD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$ClientHandleModuleScreen
                                                                                                                                                                                                                                                    • String ID: CloseGestureInfoHandle$GetGestureInfo$user32.dll
                                                                                                                                                                                                                                                    • API String ID: 471820996-2905070798
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DBBA5E
                                                                                                                                                                                                                                                      • Part of subcall function 00DF7B74: __EH_prolog3.LIBCMT ref: 00DF7B7B
                                                                                                                                                                                                                                                      • Part of subcall function 00E116D0: SetRectEmpty.USER32(?), ref: 00E11705
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DBBB8E
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32 ref: 00DBBB9F
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DBBBA6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EmptyRect$H_prolog3
                                                                                                                                                                                                                                                    • String ID: False$True$`
                                                                                                                                                                                                                                                    • API String ID: 3752103406-1389484905
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CheckMenuItem.USER32(?,?,00000000), ref: 00DA9459
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D4AA: GetWindowTextW.USER32(00000000,?,00000100), ref: 00D9D508
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D4AA: lstrcmpW.KERNEL32(?,00D9CD3B), ref: 00D9D51A
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D4AA: SetWindowTextW.USER32(00000000,00D9CD3B), ref: 00D9D526
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 00DA9474
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F1,?,00000000), ref: 00DA9491
                                                                                                                                                                                                                                                    • SetMenuItemBitmaps.USER32(?,?,00000400,00000000,00000000), ref: 00DA94FE
                                                                                                                                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00DA954E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfolstrcmp
                                                                                                                                                                                                                                                    • String ID: 0$@
                                                                                                                                                                                                                                                    • API String ID: 72408025-1545510068
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00DC32AE
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DC32E8
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001102,00008001,?), ref: 00DC332A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC2C13: __EH_prolog3.LIBCMT ref: 00DC2C1A
                                                                                                                                                                                                                                                      • Part of subcall function 00DC2C13: SendMessageW.USER32(?,0000113E,00000000,?), ref: 00DC2C5C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00DC336E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$H_prolog3
                                                                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                                                                    • API String ID: 1885053084-2766056989
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(?,?), ref: 00D9E3A8
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E3B6
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E3D3
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,?,00000001,00000000,?,?,?,00000000,00000000), ref: 00D9E3FB
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 00D9E409
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 00D9E426
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$File$PointerSize
                                                                                                                                                                                                                                                    • String ID: 8
                                                                                                                                                                                                                                                    • API String ID: 1570593808-3897458245
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DBC1F8
                                                                                                                                                                                                                                                      • Part of subcall function 00DBC872: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00DBC87B
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000030,?,00000001), ref: 00DBC25E
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 00DBC26F
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000030,?,00000001), ref: 00DBC297
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000D4,00000000,00000000), ref: 00DBC2A3
                                                                                                                                                                                                                                                    • Concurrency::details::ExternalContextBase::~ExternalContextBase.LIBCONCRT ref: 00DBC2C3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$ContextExternal$BaseBase::~Concurrency::details::H_prolog3_
                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                    • API String ID: 1047725533-2564639436
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 00DAC35E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DrawThemeTextEx), ref: 00DAC36E
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC377
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC385
                                                                                                                                                                                                                                                    • DrawThemeText.UXTHEME(?,?,?,?,?,?,?,00000000,?), ref: 00DAC3D2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeDrawEncodeHandleModuleProcTextTheme
                                                                                                                                                                                                                                                    • String ID: DrawThemeTextEx$uxtheme.dll
                                                                                                                                                                                                                                                    • API String ID: 1727381832-3035683158
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00DD2473
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD2480
                                                                                                                                                                                                                                                      • Part of subcall function 00DD23E6: GetParent.USER32(?), ref: 00DD23FB
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD24CC
                                                                                                                                                                                                                                                    • IntersectRect.USER32(?,?,?), ref: 00DD24DE
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DD2551
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD2598
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DD25A8
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD2704
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Window$CursorIntersectParent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1143452425-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CaptureDestroyEmptyMessageParentPointsRectReleaseSendVisible
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3509494761-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00DC55B5
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DC55FC
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00DC563A
                                                                                                                                                                                                                                                    • SetCapture.USER32(?), ref: 00DC5660
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DC5698
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DC56B7
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000044), ref: 00DC56EA
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000045), ref: 00DC5708
                                                                                                                                                                                                                                                      • Part of subcall function 00DC4656: SendMessageW.USER32(00000000,00001018,00000000,00000000), ref: 00DC4662
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CaptureClientMessageMetricsScreenSendSystem$FocusRelease
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3871486171-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DCD668
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00F51440,00000018,00DF8873,?,?,?,00000000,?,?,?,?), ref: 00DCD686
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000018), ref: 00DCD6D3
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F51440,?), ref: 00DCD6F0
                                                                                                                                                                                                                                                    • CreateBitmap.GDI32(?,-00000002,00000001,00000001,00000000), ref: 00DCD718
                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000), ref: 00DCD727
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00DCD7B1
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,-00000002), ref: 00DCD7D1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create$BitmapCompatibleCriticalObjectSectionSelect$EnterH_prolog3Leave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4255533662-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DBB8AF
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00DBB8F2
                                                                                                                                                                                                                                                    • TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 00DBB94D
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DBB95C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000111,?,?), ref: 00DBB98E
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 00DBB9AE
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00DBB9B7
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DBB9C6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$InvalidateWindow$CaptureMenuMessageParentPopupReleaseSendTrackUpdate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2465089168-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00E3B025
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00E3B03C
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00E3B080
                                                                                                                                                                                                                                                    • MapWindowPoints.USER32(?,?,?,00000002), ref: 00E3B092
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00E3B0A2
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00E3B0CF
                                                                                                                                                                                                                                                    • MapWindowPoints.USER32(?,?,?,00000002), ref: 00E3B0E1
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00E3B0F1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Client$PointsWindow$ParentScreen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1944725958-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RealChildWindowFromPoint.USER32(?,?,?), ref: 00D9D771
                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D9D78C
                                                                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 00D9D795
                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00D9D7A5
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00D9D7B5
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D9D7D3
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00D9D7E3
                                                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00D9D7F2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 151369081-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00DA822C
                                                                                                                                                                                                                                                    • lstrcmpW.KERNEL32(00000000,?), ref: 00DA8245
                                                                                                                                                                                                                                                    • OpenPrinterW.WINSPOOL.DRV(?,?,00000000), ref: 00DA825A
                                                                                                                                                                                                                                                    • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00DA827A
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00DA8282
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00DA8290
                                                                                                                                                                                                                                                    • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00DA82A1
                                                                                                                                                                                                                                                    • ClosePrinter.WINSPOOL.DRV(?), ref: 00DA82B9
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D477: GlobalFlags.KERNEL32(?), ref: 00D9D484
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D477: GlobalUnlock.KERNEL32(?,?,?,?,?,?,00D9B59F,?,8AC7FD4E), ref: 00D9D492
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D477: GlobalFree.KERNEL32(?), ref: 00D9D49E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 168474834-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DFB5E1
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000007), ref: 00DFB64A
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00DFB680
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DFB6DA
                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,00000007,?,?,00CC0020), ref: 00DFB702
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000007,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00DFB8CF
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DFB8E6
                                                                                                                                                                                                                                                      • Part of subcall function 00DCB9E3: FillRect.USER32(?,?,-000000A8), ref: 00DCB9FF
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CompatibleCreateObject$BitmapDeleteFillH_prolog3RectSelect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3910664508-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC41E5
                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,00000000), ref: 00DC4238
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: __EH_prolog3.LIBCMT ref: 00D9FC2C
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: GetDC.USER32(00000000), ref: 00D9FC58
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00DC4281
                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 00DC428C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00DC42B2
                                                                                                                                                                                                                                                    • GetTextMetricsW.GDI32(?,?), ref: 00DC42D2
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0F35: SelectObject.GDI32(?,00000000), ref: 00DA0F55
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0F35: SelectObject.GDI32(?,00000000), ref: 00DA0F6B
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DC43B7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3MessageObjectSelectSend$ClientH_prolog3_MetricsParentRectText
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3349635734-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002000), ref: 00DCC870
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00DCC88B
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00DCC898
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DCC918
                                                                                                                                                                                                                                                      • Part of subcall function 00DCD59B: GetObjectW.GDI32(?,00000054,?), ref: 00DCD5B5
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DCC78C
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D451: DeleteObject.GDI32(?), ref: 00D9D463
                                                                                                                                                                                                                                                      • Part of subcall function 00DCC614: FindResourceW.KERNEL32(00000000,?,PNG,?,?,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC636
                                                                                                                                                                                                                                                      • Part of subcall function 00DCC614: LoadResource.KERNEL32(00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC644
                                                                                                                                                                                                                                                      • Part of subcall function 00DCC614: LockResource.KERNEL32(00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC64F
                                                                                                                                                                                                                                                      • Part of subcall function 00DCC614: SizeofResource.KERNEL32(00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC65D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Resource$Delete$Load$FindH_prolog3ImageLockSizeof
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1337615151-3916222277
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DC9586
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FD2D: __EH_prolog3.LIBCMT ref: 00D9FD34
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FD2D: GetWindowDC.USER32(00000000,00000004,00DC8286,00000000), ref: 00D9FD60
                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00DC95BE
                                                                                                                                                                                                                                                    • CreateDIBSection.GDI32(?,00000028,00000000,?,00000000,00000000), ref: 00DC9647
                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,00000000,?), ref: 00DC9661
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0ED6: SelectObject.GDI32(?,?), ref: 00DA0EDF
                                                                                                                                                                                                                                                    • FillRect.USER32(?,00000000,-00000098), ref: 00DC96AC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create$Compatible$BitmapFillH_prolog3H_prolog3_ObjectRectSectionSelectWindow
                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                    • API String ID: 2680359821-3887548279
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DD1815
                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 00DD18C3
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DD18DB
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DD18F3
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DD1908
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7BDB: __EH_prolog3.LIBCMT ref: 00DC7BE2
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7BDB: LoadCursorW.USER32(00000000,00007F00), ref: 00DC7C06
                                                                                                                                                                                                                                                      • Part of subcall function 00DC7BDB: GetClassInfoW.USER32(?,?,?), ref: 00DC7C41
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Empty$ClassCopyCursorH_prolog3H_prolog3_InfoLoad
                                                                                                                                                                                                                                                    • String ID: Afx:ControlBar
                                                                                                                                                                                                                                                    • API String ID: 685170547-4244778371
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00ECE907
                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00ECE90F
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00ECE998
                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00ECE9C3
                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00ECEA18
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                    • Opcode ID: 343d7e40e23f2b69ea0f3f87055d78966064fecccc2209f95e27980a6d666856
                                                                                                                                                                                                                                                    • Instruction ID: d20ef28ba3a661570a37170cc1cb037ee34c17869917e6fdae16e7d63ecb3603
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 343d7e40e23f2b69ea0f3f87055d78966064fecccc2209f95e27980a6d666856
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A419534A00248ABCF10DF68C981F9EBBF5AF85314F149199E819BB362D7329917CB91
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,?), ref: 00DC3126
                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000208), ref: 00DC3189
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DC31C6
                                                                                                                                                                                                                                                      • Part of subcall function 00DB1B31: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000), ref: 00DB1B46
                                                                                                                                                                                                                                                      • Part of subcall function 00DFD57E: __EH_prolog3.LIBCMT ref: 00DFD585
                                                                                                                                                                                                                                                      • Part of subcall function 00DFD5F6: __EH_prolog3.LIBCMT ref: 00DFD5FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3$FileInfo$ByteCharMultiWide
                                                                                                                                                                                                                                                    • String ID: ???$MFCShellTreeCtrl_EnableShellContextMenu$TRUE
                                                                                                                                                                                                                                                    • API String ID: 1362241028-3649263699
                                                                                                                                                                                                                                                    • Opcode ID: 60940a89148e5a7798481b2412bee35d1349640ac39ec426c19e5a7ed27b69b6
                                                                                                                                                                                                                                                    • Instruction ID: cc2581a1449921cc7af97e2c584be346aca94e4392a91278e618d39f71a95e5f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60940a89148e5a7798481b2412bee35d1349640ac39ec426c19e5a7ed27b69b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2415E3061020AABDF04EBA4CD56FAEB7B5EF14704F548458B516A72D1DB309A09DB70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000407,00000000,?), ref: 00DB5323
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB5347
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000111,?,?), ref: 00DB5374
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB5393
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00DB5401
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB540A
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F4), ref: 00DB541E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Parent$MessageSendWindow$LongRedraw
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4271267155-0
                                                                                                                                                                                                                                                    • Opcode ID: 0624c2ef62fb16b8a5b4b74408d19322e01b1e876f58168f185efc851625f0f5
                                                                                                                                                                                                                                                    • Instruction ID: 600bc260697705a8a023ad75382a62a72230f49185cd6dd15665884b90802593
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0624c2ef62fb16b8a5b4b74408d19322e01b1e876f58168f185efc851625f0f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28318231600A16EFDB255B35DD48BBABAA8FB09381F1C5215F506963A9C7F1D800CBB0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D9E6C4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E6E0
                                                                                                                                                                                                                                                    • SetFilePointer.KERNEL32(?,?,?,?,00000000,?,?,?,00000000,00000000), ref: 00D9E70D
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 00D9E71B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 00D9E73A
                                                                                                                                                                                                                                                    • SetEndOfFile.KERNEL32(?,?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000), ref: 00D9E797
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000), ref: 00D9E7B1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$File$PointerRead
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 839530781-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00E12999
                                                                                                                                                                                                                                                    • GetKeyboardLayout.USER32(00000000), ref: 00E129D6
                                                                                                                                                                                                                                                    • MapVirtualKeyExW.USER32(?,00000000,00000000), ref: 00E129DF
                                                                                                                                                                                                                                                    • GetKeyNameTextW.USER32(00000000,?,00000032), ref: 00E12A06
                                                                                                                                                                                                                                                    • IsCharLowerW.USER32(?,?,00000000), ref: 00E12A43
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CharH_prolog3_KeyboardLayoutLowerNameTextVirtual
                                                                                                                                                                                                                                                    • String ID: Pause
                                                                                                                                                                                                                                                    • API String ID: 2563161834-375111145
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LockWindowUpdate.USER32(00000000,00000004,00000004), ref: 00E2FA06
                                                                                                                                                                                                                                                    • ValidateRect.USER32(?,00000000), ref: 00E2FA42
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00E2FA4B
                                                                                                                                                                                                                                                    • LockWindowUpdate.USER32(00000000), ref: 00E2FA5C
                                                                                                                                                                                                                                                    • ValidateRect.USER32(?,00000000), ref: 00E2FA8A
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00E2FA93
                                                                                                                                                                                                                                                    • LockWindowUpdate.USER32(00000000), ref: 00E2FAA4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: UpdateWindow$Lock$RectValidate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 797752328-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DA20D5
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DA20F9
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DA2106
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DA2113
                                                                                                                                                                                                                                                    • EqualRect.USER32(?,?), ref: 00DA211E
                                                                                                                                                                                                                                                    • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 00DA2145
                                                                                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 00DA214F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 443303494-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D9D612
                                                                                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 00D9D61B
                                                                                                                                                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00D9D62A
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00D9D63A
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D9D658
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00D9D668
                                                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00D9D675
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1315500227-0
                                                                                                                                                                                                                                                    • Opcode ID: ede498fb6ce7639ef1994093fd4de24d9de14c686cbcd92902d15f8fed87454b
                                                                                                                                                                                                                                                    • Instruction ID: d1e5ccf23e8e9e5ba005794d85a9059060324f5ff7fe2e10a4c0b3fc7133e0c8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ede498fb6ce7639ef1994093fd4de24d9de14c686cbcd92902d15f8fed87454b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E113D7190121DAFCB11AF669D08AAFBBA8EF85310F204126F905E3190D7749A09CBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 00DAC1F3
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BeginBufferedPaint), ref: 00DAC203
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC20C
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC21A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: BeginBufferedPaint$uxtheme.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-1632326970
                                                                                                                                                                                                                                                    • Opcode ID: e9f3279e78fce9d2bf5cfac361d676c7f63a3b307606377c213f6848d3a03368
                                                                                                                                                                                                                                                    • Instruction ID: 5bf8861d02f8ae23b6e781b8ba4f057aa5752d46f0a8f4f1b23eaa8fceb2f8ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9f3279e78fce9d2bf5cfac361d676c7f63a3b307606377c213f6848d3a03368
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4F09031551219AFCF115FF5AE08A7A3BACFB4A7A57245060FE05E2260DB30D810EBA5
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(shell32.dll), ref: 00DAC6EA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00DAC6FA
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC703
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC711
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-2320870614
                                                                                                                                                                                                                                                    • Opcode ID: 14830377519dc28aaf1acb0f854042c8fef1f0053dfaa4df4ec2a4b709e5ea20
                                                                                                                                                                                                                                                    • Instruction ID: 464bcea0ccaecc7340ae3e5b52a5b162431db466c44523036e7655ad77053569
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14830377519dc28aaf1acb0f854042c8fef1f0053dfaa4df4ec2a4b709e5ea20
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF0903554121AAFCB115FA1AD0CA7A3BA8AB497A17245050FE05E6371EB30C814EFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 00DAC302
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilter), ref: 00DAC312
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC31B
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC329
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: ChangeWindowMessageFilter$user32.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-2498399450
                                                                                                                                                                                                                                                    • Opcode ID: ef9770ff6fc2d0c6ecc2fb1836db287beed92cca76fcfa917e41f739205a6f61
                                                                                                                                                                                                                                                    • Instruction ID: 6d8ec77a5b66d728afc609de4fb246afc09678ced1bcdd35febc6a3cfab78b96
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef9770ff6fc2d0c6ecc2fb1836db287beed92cca76fcfa917e41f739205a6f61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64F0A73155171DAFDF111B76AE0897D3BECEB5A7A27249061FD05E2360DB30D804D6A1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(uxtheme.dll), ref: 00DAC639
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EndBufferedPaint), ref: 00DAC649
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC652
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC660
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: EndBufferedPaint$uxtheme.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-2993015961
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(uxtheme.dll,?,00DC745A,?,?,00DC70A1,8AC7FD4E,?,?,?,Function_0015D030,000000FF), ref: 00DAC2AA
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,BufferedPaintUnInit), ref: 00DAC2BA
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00DC745A,?,?,00DC70A1,8AC7FD4E,?,?,?,Function_0015D030,000000FF), ref: 00DAC2C3
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,?,00DC745A,?,?,00DC70A1,8AC7FD4E,?,?,?,Function_0015D030,000000FF), ref: 00DAC2D1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: BufferedPaintUnInit$uxtheme.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-1501038116
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(shell32.dll,00000000,00DA1EFF), ref: 00DAC695
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitNetworkAddressControl), ref: 00DAC6A5
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC6AE
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000,00000000,00DA1EFF), ref: 00DAC6BC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: InitNetworkAddressControl$shell32.dll
                                                                                                                                                                                                                                                    • API String ID: 2061474489-1950653938
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00DB4185
                                                                                                                                                                                                                                                      • Part of subcall function 00DA3A5A: GetWindowTextLengthW.USER32(?), ref: 00DA3A6C
                                                                                                                                                                                                                                                      • Part of subcall function 00DA3A5A: GetWindowTextW.USER32(?,00000000,00000001), ref: 00DA3A85
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,?,?), ref: 00DB42DC
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DB42E8
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,00000000,00000000), ref: 00DB4396
                                                                                                                                                                                                                                                    • OffsetRect.USER32(?,00000001,00000001), ref: 00DB4458
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DB450E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$EmptyInflateTextWindow$H_prolog3_LengthOffset
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2648887860-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00ED7540
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED755C
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00ED7573
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED7591
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00ED75A8
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED75C6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1992179935-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DBE461
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000000,00000001), ref: 00DBE4A8
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000001,00000001), ref: 00DBE4DC
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000201,00000000,00000000), ref: 00DBE566
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000202,00000000,00000000), ref: 00DBE582
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DBE5A2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$Rect$Client
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4194289498-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00DCEB36
                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 00DCEBB1
                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00DCEBC2
                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 00DCEBE0
                                                                                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00DCEC10
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000020A,?,?), ref: 00DCEC6E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientMessageScreenSendWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2093367132-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,00000000), ref: 00DD5180
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DD51A1
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD51C3
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DD526B
                                                                                                                                                                                                                                                    • MapWindowPoints.USER32(?,?,?,00000002), ref: 00DD527D
                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(?,?,00000000,00000000,?,00000000), ref: 00DD52A5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Window$BackgroundClientDrawFillParentPointsTheme
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2136005349-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 00DB81F0
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00DB8211
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00DB8225
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 00DB8253
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00DB8267
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB827F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$H_prolog3Window
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3728102838-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB87DF
                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000012), ref: 00DB880D
                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00DB881E
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000157,00000000,00000000), ref: 00DB8833
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014F,00000001,00000000), ref: 00DB8848
                                                                                                                                                                                                                                                    • GetNextDlgTabItem.USER32(?,?,00000000), ref: 00DB8887
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSendState$ItemNextParent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1930099164-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D9E2EE
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D9E2F9
                                                                                                                                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000002), ref: 00D9E30C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E356
                                                                                                                                                                                                                                                    • FlushFileBuffers.KERNEL32(000000FF,00000000,00000000,00000000), ref: 00D9E370
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E386
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentErrorLastProcess$BuffersDuplicateFileFlushHandle
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1021147024-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DC75FF
                                                                                                                                                                                                                                                    • CreateRectRgnIndirect.GDI32(00000000), ref: 00DC761F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0E4A: SelectClipRgn.GDI32(?,00000000), ref: 00DA0E6A
                                                                                                                                                                                                                                                      • Part of subcall function 00DA0E4A: SelectClipRgn.GDI32(?,00000000), ref: 00DA0E80
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DC763F
                                                                                                                                                                                                                                                    • DrawThemeParentBackground.UXTHEME(?,00000000,00000000,00000000,?,?,00000018,00DB4747,?,?,?), ref: 00DC7660
                                                                                                                                                                                                                                                    • MapWindowPoints.USER32(?,?,00000000,00000001), ref: 00DC7694
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000014,00000000,00000000), ref: 00DC76C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClipParentSelect$BackgroundCreateDrawH_prolog3IndirectMessagePointsRectSendThemeWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 935984306-0
                                                                                                                                                                                                                                                    • Opcode ID: 3fabf97f8c8ee5fb9622482423bbc498a20f7e491f66dca4cf947ea77ef1e33a
                                                                                                                                                                                                                                                    • Instruction ID: 5804c0871123085d00988bcae97c2845cf64cf6d6e3bcae93232625315657f9f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fabf97f8c8ee5fb9622482423bbc498a20f7e491f66dca4cf947ea77ef1e33a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC310972A0020AAFCF01DFA4C959FAE7BB5FF08301F144418F616AB2A1DB759914DFA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PatBlt.GDI32(00000000,00000000,?,-00000002,00FF0062,00000000), ref: 00DCA9C8
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?), ref: 00DCA9EE
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,?,00000000,?,00000000,00CC0020,?,00DCB375), ref: 00DCAA16
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?), ref: 00DCAA30
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,?,00000000,?,00000000,00EE0086,?,00DCB375), ref: 00DCAA58
                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000001,00000001,?,00000001,00000000,00000000,00000000,008800C6), ref: 00DCAA80
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2811717613-0
                                                                                                                                                                                                                                                    • Opcode ID: e85c7ffeef929b90e4d71b3e1a93eeb528be17a4aefad1ee6d6384fda1302a7b
                                                                                                                                                                                                                                                    • Instruction ID: 276bc23df22a43b94c49e4c1bf0d09abb094865856749c263b9595e3812eeffd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e85c7ffeef929b90e4d71b3e1a93eeb528be17a4aefad1ee6d6384fda1302a7b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC210532100749FFD7208F8ADD49EA7BBBEFB86B057114518FA4296171CBB1B854DB20
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB8AF7
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D09B: IsWindowEnabled.USER32(?), ref: 00D9D0A6
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,0000000C,00DB8EAD), ref: 00DB8B23
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00DB8B2C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$EnabledH_prolog3InvalidateRectUpdate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 262192325-0
                                                                                                                                                                                                                                                    • Opcode ID: 664f776e66446be5ba05f5b91c6f84aa8b2ad102d83f893af7c58c4dfc3d0571
                                                                                                                                                                                                                                                    • Instruction ID: 16351047efabd3407c3656c92a2ba9354c5375c45fa71d3ff3b9e61ac46672dc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 664f776e66446be5ba05f5b91c6f84aa8b2ad102d83f893af7c58c4dfc3d0571
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6217C71804248EFCB21AFB5CD59EAFBBB9FF85300B20491DF05AA6251DB34A905DB71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFocus.USER32 ref: 00D9D389
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: GetWindowLongW.USER32(?,000000F0), ref: 00D9D700
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: GetClassNameW.USER32(?,?,0000000A), ref: 00D9D715
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 00D9D72C
                                                                                                                                                                                                                                                    • GetParent.USER32(00000000), ref: 00D9D3AA
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D9D3C9
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00D9D3D7
                                                                                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00D9D3DF
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000014F,00000000,00000000), ref: 00D9D3F3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$LongParent$ClassCompareDesktopFocusMessageNameSendString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1233893325-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00D9BB3C: __EH_prolog3.LIBCMT ref: 00D9BB43
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000433,00000000,?), ref: 00DA4928
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 00DA4933
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 00DA4947
                                                                                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,00000000), ref: 00DA4970
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: LongWindow$H_prolog3MessageSend
                                                                                                                                                                                                                                                    • String ID: ,
                                                                                                                                                                                                                                                    • API String ID: 4140968126-3772416878
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3
                                                                                                                                                                                                                                                    • String ID: Invalid DateTime
                                                                                                                                                                                                                                                    • API String ID: 431132790-2190634649
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: Edit
                                                                                                                                                                                                                                                    • API String ID: 0-554135844
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,?,?,00000000,00000000,?,?,00D9DFA6,8AC7FD4E), ref: 00D9E259
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00D9E269
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,8AC7FD4E,00D9DFA6,?,?,00000000,?,00000000,?,?,00000000,00000000,?,?,00D9DFA6), ref: 00D9E2B2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressCreateFileHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: CreateFileTransactedW$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2580138172-2053874626
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC636
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC644
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC64F
                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,00F05F10,?,00DCD4BB,?,00000000,?), ref: 00DCC65D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                    • String ID: PNG
                                                                                                                                                                                                                                                    • API String ID: 3473537107-364855578
                                                                                                                                                                                                                                                    • Opcode ID: 57ef29434f3f823a99f614fb50e5cf74eda82949471b4d7994d1bcfc66c7a30f
                                                                                                                                                                                                                                                    • Instruction ID: 7b2c4703fd5728fe5b519c8da61887e3fb9caead1b2493f3819e9153d189e29f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57ef29434f3f823a99f614fb50e5cf74eda82949471b4d7994d1bcfc66c7a30f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF0F63666121A7F8B015BA59E48E6F37ACDF85BD1324A05DFA05E3220DAB0DD04DBB1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC414
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmDefWindowProc), ref: 00DAC3FD
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC406
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmDefWindowProc$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-234806475
                                                                                                                                                                                                                                                    • Opcode ID: 39c422449f91df73b5afa2d8b4d46afa1dcc391a24550e829f57c7f53a68ea88
                                                                                                                                                                                                                                                    • Instruction ID: 098fbe0d5a2bc61f2a1dcb693d47e3c072b3f4fcf9f34dea21af102f4db14b77
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39c422449f91df73b5afa2d8b4d46afa1dcc391a24550e829f57c7f53a68ea88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9F0963151161EAFCB115FA5AD1897A3BA9EB4E7A07245020FE05E1260DA70D810AAB4
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC534
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmSetIconicLivePreviewBitmap), ref: 00DAC51D
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC526
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmSetIconicLivePreviewBitmap$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-1757063745
                                                                                                                                                                                                                                                    • Opcode ID: 6716204076b9ec98c9c6afd046c2c55824a1bf3acce462892a354aa651d6f75b
                                                                                                                                                                                                                                                    • Instruction ID: 05fc02155543ec315f3f2951f77230088921ffadb2e4fdbf397f72b131594fcc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6716204076b9ec98c9c6afd046c2c55824a1bf3acce462892a354aa651d6f75b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F0F63695021AAFCF011B65ED0892A3FA8AB06761B241050FE04A2260CA30D800AAB0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC5FB
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmSetWindowAttribute), ref: 00DAC5E4
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC5ED
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmSetWindowAttribute$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-3105884578
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC4D5
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmIsCompositionEnabled), ref: 00DAC4BE
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC4C7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmIsCompositionEnabled$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-1198327662
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC599
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmSetIconicThumbnail), ref: 00DAC582
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC58B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmSetIconicThumbnail$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-2331651847
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DecodePointer.KERNEL32(00000000), ref: 00DAC479
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 00DA299F
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00DA29AF
                                                                                                                                                                                                                                                      • Part of subcall function 00DA2979: EncodePointer.KERNEL32(00000000,?,00000000), ref: 00DA29B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DwmInvalidateIconicBitmaps), ref: 00DAC462
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 00DAC46B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Pointer$AddressEncodeProc$DecodeHandleModule
                                                                                                                                                                                                                                                    • String ID: DwmInvalidateIconicBitmaps$dwmapi.dll
                                                                                                                                                                                                                                                    • API String ID: 1102202064-1901905683
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000000,00000002), ref: 00DBC55C
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120C,00000001,00000002), ref: 00DBC591
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00DBC5B7
                                                                                                                                                                                                                                                    • GetCapture.USER32 ref: 00DBC646
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DBC650
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CaptureMessageSend$RedrawReleaseWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2167886739-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00DF85EF
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000439,00000000,?), ref: 00DF8634
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000410,00000000,?), ref: 00DF8678
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00DF86A0
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000407,00000000,?), ref: 00DF86C8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientScreenWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4074774880-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: __EH_prolog3.LIBCMT ref: 00D9FC2C
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FC25: GetDC.USER32(00000000), ref: 00D9FC58
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DC06C9
                                                                                                                                                                                                                                                    • InvertRect.USER32(?,?), ref: 00DC06D7
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DC06E9
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DC0706
                                                                                                                                                                                                                                                    • InvertRect.USER32(?,?), ref: 00DC0756
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$EmptyInvert$ClientH_prolog3
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1656078942-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,00000000), ref: 00DDB772
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DDB789
                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00DDB79C
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DDB7A5
                                                                                                                                                                                                                                                    • MapWindowPoints.USER32(?,?,?,00000002), ref: 00DDB7BD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ParentRect$ClientFillPointsWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3058756167-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DCB849
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D451: DeleteObject.GDI32(?), ref: 00D9D463
                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00DCB85E
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DCB8C4
                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00DCB8D3
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F51440), ref: 00DCB8EA
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Delete$Select$CriticalLeaveSection
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3849354926-0
                                                                                                                                                                                                                                                    • Opcode ID: bd3ba156bb633ca40149ead15c00c395b6f3970bb23098d0f57427dfaf31ac5c
                                                                                                                                                                                                                                                    • Instruction ID: 76e147b4c06aaca03a95a27158f9e7090cf48acca39f72ce6ed4f195f7766338
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd3ba156bb633ca40149ead15c00c395b6f3970bb23098d0f57427dfaf31ac5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17218071800205DFDF10AF95D885B99BBA9FF41325F24416AEA14AB0A6CB71E845DB70
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000000,?,00000000), ref: 00DDC2D9
                                                                                                                                                                                                                                                    • GetThemeColor.UXTHEME(00000000,00000001,00000000,00000EDB,?), ref: 00DDC2EC
                                                                                                                                                                                                                                                    • GetThemeColor.UXTHEME(00000000,00000001,00000000,00000EDF,?), ref: 00DDC301
                                                                                                                                                                                                                                                    • GetSysColorBrush.USER32(00000018), ref: 00DDC30B
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,00000000), ref: 00DDC322
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ColorTheme$BackgroundBrushDrawFillRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3021913306-0
                                                                                                                                                                                                                                                    • Opcode ID: d09046abf41568ff20735d834217f596b0ea8cc069b5523a274586d5d25fc130
                                                                                                                                                                                                                                                    • Instruction ID: b4df8343861730a00aecf728dd08193d7852282d1163a45ecf8f4bfb702b0676
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d09046abf41568ff20735d834217f596b0ea8cc069b5523a274586d5d25fc130
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92118E72250259BFDB248F94DD46FAA77A8FB48B40F20441AF702B61D0C7B1F810DB60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 00DC53C8
                                                                                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00DC53DF
                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 00DC53F9
                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00DC5417
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00DC5420
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$CreateFontIndirectInvalidateObjectRectUpdate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1602852816-0
                                                                                                                                                                                                                                                    • Opcode ID: 026192afb79043fbe6238e61efa4a496e3bc2cb4ce675269e193fe274d7547cd
                                                                                                                                                                                                                                                    • Instruction ID: 99d55f32d0f1d7f0b167d58def6889c1caf00c77b09575cd277b4dfd60d1ae80
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 026192afb79043fbe6238e61efa4a496e3bc2cb4ce675269e193fe274d7547cd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B11AC31600619AFDB15ABB4DD09FAEB7B9FB48700F244019F905A7191EB70E954CBA0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClientCursorRect$Screen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1023402310-0
                                                                                                                                                                                                                                                    • Opcode ID: aeba83655264b497d57aba333b92880397f449311799c534a753739385bea9c9
                                                                                                                                                                                                                                                    • Instruction ID: ce52da15506224f63f1eead8c817f82df7761377d2f9416a468a06dfe6a43c0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aeba83655264b497d57aba333b92880397f449311799c534a753739385bea9c9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32111C71D0020EDFCB119FA5D9059BFBBF9FF88300B20452AE406A2110E7756A06DF60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DB79D5
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 00DB79F3
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DB7A10
                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 00DB7A20
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000401), ref: 00DB7A30
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: RectRedrawWindow$CaptureRelease
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1080614547-0
                                                                                                                                                                                                                                                    • Opcode ID: b1355cc2608a1005c2904cea51d361d3a42f837cda143380a6dfe41f692322e3
                                                                                                                                                                                                                                                    • Instruction ID: 797cd78e6d6aba0da57b79f75f31ca23323f359b77b464bb64122fb3b84d23e3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1355cc2608a1005c2904cea51d361d3a42f837cda143380a6dfe41f692322e3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28010C31504609EFCB215F72DD48EAB7BB9FBC4B01F21881AF69E92010EA31A515EB60
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 00DBD34B
                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 00DBD393
                                                                                                                                                                                                                                                    • InflateRect.USER32(?,000000FC,000000FC), ref: 00DBD3D4
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FBE1: __EH_prolog3.LIBCMT ref: 00D9FBE8
                                                                                                                                                                                                                                                      • Part of subcall function 00D9FBE1: CreateSolidBrush.GDI32(?), ref: 00D9FC03
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Fill$BrushCreateH_prolog3InflateSolid
                                                                                                                                                                                                                                                    • String ID: `
                                                                                                                                                                                                                                                    • API String ID: 1940447340-4168407445
                                                                                                                                                                                                                                                    • Opcode ID: 873fa1523309e7cffb470bcf7ef3985577e51cf404943fb3c8bf8235a0d421e6
                                                                                                                                                                                                                                                    • Instruction ID: 51897a5fc4c0a95b72b64fdad089fd9e2ddf1f76292d05e4246c752d63dc54f6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 873fa1523309e7cffb470bcf7ef3985577e51cf404943fb3c8bf8235a0d421e6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B417371500119EFCB05DF68D8859ADB7BAFF45320B244255F826A7292EB30ED05CBB1
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D811: LoadLibraryW.KERNEL32(?,00F38CE0,00000010,00D9D581,comctl32.dll), ref: 00D9D852
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00D9D595
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,comctl32.dll), ref: 00D9D5E1
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D543: GetLastError.KERNEL32(?,?,00000000), ref: 00D9D543
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Library$AddressErrorFreeLastLoadProc
                                                                                                                                                                                                                                                    • String ID: DllGetVersion$comctl32.dll
                                                                                                                                                                                                                                                    • API String ID: 2540614322-3857068685
                                                                                                                                                                                                                                                    • Opcode ID: 6ea6e1bc86d59a8ed4ff484c5f525088ad7a1175e7ea51f47b6bfb2c5b6f2945
                                                                                                                                                                                                                                                    • Instruction ID: bf7e5b4ec973b14c61ff698320add25b5c449256bd40f7a018f05a3361e87a13
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ea6e1bc86d59a8ed4ff484c5f525088ad7a1175e7ea51f47b6bfb2c5b6f2945
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E119175A00209AFCB11EFA9C845BAEBBF6EF85715F214068E901A7391EB34D905CB71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,?,?,00D9AF91,?,?,00000000,?,?,?,?,?,?,8AC7FD4E), ref: 00D9B0B0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00D9B0C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00D9B122
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00D9B132
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: Advapi32.dll$RegDeleteKeyTransactedW
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D9D700
                                                                                                                                                                                                                                                    • GetClassNameW.USER32(?,?,0000000A), ref: 00D9D715
                                                                                                                                                                                                                                                    • CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 00D9D72C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ClassCompareLongNameStringWindow
                                                                                                                                                                                                                                                    • String ID: combobox
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 00D9B17F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00D9B18F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,80070057), ref: 00DA8973
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedW), ref: 00DA8983
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: GetFileAttributesTransactedW$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 1646373207-1378992308
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetBkColor.GDI32(?), ref: 00DDB2FF
                                                                                                                                                                                                                                                    • GetTextColor.GDI32(?), ref: 00DDB3AB
                                                                                                                                                                                                                                                    • GetBkColor.GDI32(?), ref: 00DDB59C
                                                                                                                                                                                                                                                    • DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 00DDB6A9
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$DrawIconText
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2759393849-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00E2E30A
                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00E2E312
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00E2E37C
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00E2E54F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$Empty$StateWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2684165152-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DCD359
                                                                                                                                                                                                                                                    • LoadImageW.USER32(?,?,00000000,00000000,00000000,00002000), ref: 00DCD4FC
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00DCD50E
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DCD566
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$DeleteH_prolog3ImageLoad
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 91933946-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$CopyEmptyWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2176940440-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DD1A5D
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00DD1A6A
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 00DD1AA4
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00DD1B3C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageRectSend$EmptyWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1914275016-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00DB55AE
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DB5678
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DB5681
                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00DB5690
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Object$Delete
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 774837909-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EmptyRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2270935405-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00DBC6F6
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 00DBC70B
                                                                                                                                                                                                                                                    • IsRectEmpty.USER32(?), ref: 00DBC763
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 00DBC78F
                                                                                                                                                                                                                                                      • Part of subcall function 00DBC7A6: RedrawWindow.USER32(00000000,?,00000000,00000105), ref: 00DBC81A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: RedrawWindow$EmptyRect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 138230908-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• GetParent.USER32(?), ref: 00DB24E6
• GetClientRect.USER32(?,?), ref: 00DB252B
• GetWindowRect.USER32(?,?), ref: 00DB2574
• GetSystemMetrics.USER32(00000007), ref: 00DB258A
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
Similarity
• API ID: Rect$ClientMetricsParentSystemWindow
• String ID:
• API String ID: 2120119201-0
• Opcode ID: 1f09ab568092a4d401b0572e14467e2cbb01f484ebb00aaf91cd69f0a2cf6f04
• Instruction ID: 5c8928375a7c45d6b752a27a2886ae98f4afc0156ae898756b808433140f50da
• Opcode Fuzzy Hash: 1f09ab568092a4d401b0572e14467e2cbb01f484ebb00aaf91cd69f0a2cf6f04
• Instruction Fuzzy Hash: 7241F3B1D002099FCF15DFA9D9459EEBBF5FF49310B24442AE806B3250EB71AA05CF65
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetRectEmpty.USER32(00000000), ref: 00DAB2EF
• GetClientRect.USER32(?,00000000), ref: 00DAB30F
• GetParent.USER32(?), ref: 00DAB32E
• OffsetRect.USER32(00000000,00000000,00000000), ref: 00DAB3B0
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
Similarity
• API ID: Rect$ClientEmptyOffsetParent
• String ID:
• API String ID: 3819956977-0
• Opcode ID: 14e2d6aaf704d90d06092fc455338b40ef1d213cd76c673906112ee1bcbbc89d
• Instruction ID: 381c561505ef4b2d30404794d8ba87a98f2da53848c3fcd04b6ffd5767909174
• Opcode Fuzzy Hash: 14e2d6aaf704d90d06092fc455338b40ef1d213cd76c673906112ee1bcbbc89d
• Instruction Fuzzy Hash: CE319672200602EFDB14DF65D895D7AB7A5FF85720714821FF40A8B296EB60EC41CBB0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
Similarity
• API ID: EmptyRect
• String ID:
• API String ID: 2270935405-0
• Opcode ID: dbb1b97a19cfeb0ab00adf9b1303246f2e53fe1a509ebf30e0f73ca4fb95f27b
• Instruction ID: 6a9b19bcb8277224eee71ef5733f09dc250d85d9b6a6a2a27aff46b595141061
• Opcode Fuzzy Hash: dbb1b97a19cfeb0ab00adf9b1303246f2e53fe1a509ebf30e0f73ca4fb95f27b
• Instruction Fuzzy Hash: D731AF719012199FCF15DF98D884AEE7BB9EF08714F2050AAE801BB242C7719D49CFD0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetWindowRect.USER32(?,?), ref: 00DD2A00
• GetParent.USER32(?), ref: 00DD2A09
  • Part of subcall function 00DA0E0B: ScreenToClient.USER32(?,?), ref: 00DA0E1A
  • Part of subcall function 00DA0E0B: ScreenToClient.USER32(?,?), ref: 00DA0E27
• OffsetRect.USER32(?,00000000,?), ref: 00DD2A4A
• OffsetRect.USER32(?,?,00000000), ref: 00DD2A5A
Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
Similarity
• API ID: Rect$ClientOffsetScreen$ParentWindow
• String ID:
• API String ID: 182828750-0
• Opcode ID: f0330857962ab86856173b4349679dca943f2220a295ab189f6153dd87c78b4e
• Instruction ID: ead65a02e30a71bf2530e3d96dd4fb9c42876a6d646a392c2e3cd1bfed21ddd7
• Opcode Fuzzy Hash: f0330857962ab86856173b4349679dca943f2220a295ab189f6153dd87c78b4e
• Instruction Fuzzy Hash: A4210E72900109AFDF15DFE8DD889BEB7BDFB48310B24452AF506E3251DA74AE04CB61
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000585,?,?,00000000,?,00DDC83B,00000002,00000000), ref: 00DDC58F
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000585,?,00000000,?,00DDC83B,00000002,00000000), ref: 00DDC5BC
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000185,?,00000000,?,00DDC83B,00000002,00000000), ref: 00DDC5F9
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000585,?), ref: 00E2B33C
                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: RedrawWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2219533335-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00DB6A8E
                                                                                                                                                                                                                                                    • GetSystemPaletteEntries.GDI32(?,00000000,00000100,00000004), ref: 00DB6B05
                                                                                                                                                                                                                                                    • CreatePalette.GDI32(00000000), ref: 00DB6B52
                                                                                                                                                                                                                                                      • Part of subcall function 00DB61F3: GetObjectW.GDI32(?,00000002,?), ref: 00DB6200
                                                                                                                                                                                                                                                    • GetPaletteEntries.GDI32(00000000,00000000,00000000,00000004), ref: 00DB6B39
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Palette$Entries$CreateH_prolog3ObjectSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 374951733-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00DB2609
                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 00DB2650
                                                                                                                                                                                                                                                    • OffsetRect.USER32(00000000,00000000,?), ref: 00DB2668
                                                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000005), ref: 00DB2688
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: RectWindow$OffsetParent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3516746122-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • BeginDeferWindowPos.USER32(00000000), ref: 00DAB834
                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 00DAB84F
                                                                                                                                                                                                                                                    • DeferWindowPos.USER32(00000000,?,00000000,?,?,?,?,00000000), ref: 00DAB89F
                                                                                                                                                                                                                                                    • EndDeferWindowPos.USER32(00000000), ref: 00DAB8AA
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$Defer$Begin
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2880567340-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
• Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
• Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Rect$CallCursorHookNextWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3719484595-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • UnlockFile.KERNEL32(?,?,?,?,?), ref: 00D9E859
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D9E872
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,00000000,00000000), ref: 00D9E89C
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$ErrorLastUnlockWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1673360954-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000000C,?), ref: 00DA3B00
                                                                                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00DA3B0A
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000008), ref: 00DA3B1A
                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00DA3B22
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: GetWindowLongW.USER32(?,000000F0), ref: 00D9D700
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: GetClassNameW.USER32(?,?,0000000A), ref: 00D9D715
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D6E5: CompareStringW.KERNEL32(0000007F,00000001,?,000000FF,combobox,000000FF), ref: 00D9D72C
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Color$ClassCompareLongNameObjectStringTextWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3274569906-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00DC54E5
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000002D), ref: 00DC54F9
                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(00000002), ref: 00DC5505
                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000101E,00000000,00000000), ref: 00DC551A
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MetricsSystem$ClientMessageRectSend
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2251314529-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetTopWindow.USER32(?), ref: 00DA6068
                                                                                                                                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 00DA60AB
                                                                                                                                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00DA60CD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2353593579-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00D9D232
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00D9D245
                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00D9D25F
                                                                                                                                                                                                                                                    • SetFocus.USER32(?,00000000,?,00000000,00DA3BEA), ref: 00D9D278
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Parent$Focus
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 384096180-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00DB7ADE
                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00DB7AF1
                                                                                                                                                                                                                                                    • SetCapture.USER32(?), ref: 00DB7AFE
                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000401,00000000), ref: 00DB7B20
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CaptureClientRectRedrawScreenWindow
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2178243973-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00D9D34E: ShowWindow.USER32(?,?), ref: 00D9D35F
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00EB1884
                                                                                                                                                                                                                                                    • UpdateWindow.USER32(?), ref: 00EB1897
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00EB18A4
                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(?), ref: 00EB18B1
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Window$EmptyRectUpdate$Show
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1262231214-0
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalLock.KERNEL32(?,?,0000000A,System,00DB2B5D,System,?,?,?,00000000), ref: 00DB2983
                                                                                                                                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 00DB2AAB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$LockUnlock
                                                                                                                                                                                                                                                    • String ID: System
                                                                                                                                                                                                                                                    • API String ID: 2502338518-3470857405
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00D998BC
                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 00D998FE
                                                                                                                                                                                                                                                      • Part of subcall function 00D99824: __EH_prolog3.LIBCMT ref: 00D9982B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3$H_prolog3_catch
                                                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                                                    • API String ID: 1670334802-1343716551
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetSysColor.USER32(00000014), ref: 00DC74EE
                                                                                                                                                                                                                                                    • CreateDIBitmap.GDI32(00DB1EA6,00000028,00000004,?,00000028,00000000), ref: 00DC753E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: BitmapColorCreate
                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                    • API String ID: 2048008349-3887548279
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CopyInfoMonitorRect
                                                                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                                                                    • API String ID: 2119610155-3887548279
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetKeyState.USER32(00000011), ref: 00DB9806
                                                                                                                                                                                                                                                      • Part of subcall function 00DBA099: __EH_prolog3.LIBCMT ref: 00DBA0A0
                                                                                                                                                                                                                                                      • Part of subcall function 00DBA099: SendMessageW.USER32(?,000000B0,?,?), ref: 00DBA0E3
                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000B0,0000002E,?), ref: 00DB984A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: MessageSend$H_prolog3State
                                                                                                                                                                                                                                                    • String ID: .
                                                                                                                                                                                                                                                    • API String ID: 1947833932-248832578
                                                                                                                                                                                                                                                    • Opcode ID: f13d2dae297443eb84b738bda71bcaee1897e680fc0ac77e67e4b2125f1dca49
                                                                                                                                                                                                                                                    • Instruction ID: d02fd5ccc660f3bf510bf6dc04d7bd3c2340386d7e28082fef562a1348549b25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f13d2dae297443eb84b738bda71bcaee1897e680fc0ac77e67e4b2125f1dca49
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B801A739200248FFDF156F51CC19EEDBBAAEB86350F148125FA02591A1CB71DA90DB71
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00F4F478,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6CD
                                                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(00000000,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6E3
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F4F478,?,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6F1
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C6FE
                                                                                                                                                                                                                                                      • Part of subcall function 00D9C678: InitializeCriticalSection.KERNEL32(00F4F478,00D9C6B6,00000010,?,00D9BAFA,00000010,00000008,00D9AD73,00D9ADB0,00D99031,00D9924E,00D9616E,?), ref: 00D9C690
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000011.00000002.2744980726.0000000000D91000.00000020.00000001.01000000.00000015.sdmp, Offset: 00D90000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2744832451.0000000000D90000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745654101.0000000000EFC000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745906858.0000000000F4A000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2745971868.0000000000F4C000.00000008.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F4F000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746082663.0000000000F51000.00000004.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    • Associated: 00000011.00000002.2746307525.0000000000F56000.00000002.00000001.01000000.00000015.sdmp
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_17_2_d90000_fast!.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 713024617-0
                                                                                                                                                                                                                                                    • Opcode ID: 1b063ea4f2c76c544d235068f204596639da76381262800fd0468cd54c6d21b1
                                                                                                                                                                                                                                                    • Instruction ID: 895fdfccd9afd75d33b97dd7c71550e7014f8604c85ffed3ee7d9dfa67d9724a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b063ea4f2c76c544d235068f204596639da76381262800fd0468cd54c6d21b1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0F0687660121C9FDB005BADEC48A69B65CEB67365F643035E805A2031CB70C9099975
                                                                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                                                                    Uniqueness Score: -1.00%